[oclug] TCP Wrapper problem

Taavi Burns tburns at ualberta.ca
Wed Aug 8 10:15:14 EDT 2001


On Wed, 8 Aug 2001, Bart Trojanowski wrote:

> I find that having mindterm setup is a great alternative to telnet.  This
> is true only if the client has a JVM (java virtual machine) in their
> web browser.
>
> 'mindterm' is a java applet that implements ssh.  You place it in some
> non advertised location on your webserver and when you connect there from
> the outside you get to log in using ssh.  Mind term, if not purchased,
> only allows you to login to the host it runs on.  But if you purchase it
> you can connect to a 3rd host.

That's interesting.  I thought that went counter to the security model in
place for Java.  A Java application, of course, can connect to anywhere,
but an embedded applet, AFAIK, _ought_ to be restricted to the site it
comes from, to prevent nasty stuff (like sending your _unencrypted_ ssh
data to a 3rd party server, just for some 133t d00dz pleasure).

> When you are using someone else's box you can never be sure that the ssh
> binary was not compromised to save your password in some file.  It is
> much less trivial to compromise Netscape's JVM than it is to compromise
> openssl/openssh.

But is it trivial to intercept an HTTP transfer?  Yo!  Hence the above
restriction on IP connections.  (doesn't fix, but helps)

>
> B.
>
> * Curtis Ireland <cireland at solidum.com> [010808 09:59]:
> > Sometimes, telnetd is a necessary evil. Sometimes, the workstation you are
> > on does not have an SSH client, nor can you install one. For instance,
> > connecting from Algonquin College can only be done through Telnet.
> >
> > I admit, if I had my way, the telnetd package would be left in a deep,
> > dark, dusty hole. Unfortunately, I need it. Instead, I have a second,
> > permission stripped account.
> >          -C
> >
> > At 09:22 AM 2001/08/08 -0400, Raymond Wood wrote:
> > >On 8 Aug 2001, at 3:02, Dave Lewis wrote:
> > >
> > > > I can't seem to get my wrapper configuration right.. I want it to
> > > > display a message on the screen of someone who telnets in or at least
> > > > tries to telnet in to my machine, as well as send an email to a
> > > > specified user of their attempt
> > >
> > >Just kill telnetd altogether - it's evil, so uninstall it.
> > >
> > >Then get OpenSSH (client and server) to replace it.
> > >
> > >My $0.02,
> > >Raymond
> > >--
> > >"Freedom is no longer available for free."
> > >   (recent 'newspeak' from ZeroKnowledge Systems)
> > >_______________________________________________
> > >oclug mailing list
> > >oclug at lists.oclug.on.ca
> > >http://www.oclug.on.ca/mailman/listinfo/oclug
> >
> > --
> > Curtis Ireland  - cireland at solidum.com
> > Solidum Systems - http://www.solidum.com
> > (T) (613)724-6004 x284  - (F) (613)724-6008
> >
>
> --
> WebSig: http://www.jukie.net/~bart/sig/
>

taa

Heaven doesn't want me and hell is afraid I'll take over.
/*eof*/
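For the TCP wrapper question Dave Lewis asked further up the thread (a message to whoever telnets in, plus an e-mail about the attempt), the following hosts.allow / hosts.deny entries are an added example written for this archive, not something posted in the thread; the 192.168.1.0 network is a constructed placeholder for whichever hosts are allowed to telnet in, and the `%c`, `%d` and `%H` expansions are the standard tcp_wrappers ones from hosts_options(5).

```conf
# /etc/hosts.allow  (constructed example; replace the network with your own)
# Clients that are allowed to telnet in: let the connection through, but mail
# root a note about the session.  The trailing & backgrounds the mail so the
# login prompt is not delayed.
in.telnetd : 192.168.1.0/255.255.255.0 : spawn (/bin/echo "%d session from %c" | /bin/mail -s "telnet login on %H" root) &

# /etc/hosts.deny  (consulted only when nothing in hosts.allow matched)
# Everyone else: mail root about the attempt, then replace the telnetd process
# with a one-line message so the caller sees why the connection closed.
# twist replaces the daemon, so it has to be the last option on the line.
in.telnetd : ALL : spawn (/bin/echo "%d attempt from %c" | /bin/mail -s "REFUSED telnet on %H" root) & : twist /bin/echo "Telnet is disabled on %H; use ssh instead."
```

tcpd replaces shell metacharacters in the `%` expansions with underscores before running the spawn command, which is why the client name can be passed to the shell here; `tcpdmatch in.telnetd <host>` shows which of the two rules a given client would hit without waiting for a real connection.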
