Subject: Re: moving telnet to another port
To: Paul Goyette <paul@whooppee.com>
From: Dr. Bill Studenmund <wrstuden@loki.stanford.edu>
List: port-mac68k
Date: 11/05/1998 17:10:46
On Thu, 5 Nov 1998, Paul Goyette wrote:

> On Thu, 5 Nov 1998, Dr. Bill Studenmund wrote:
> 
> > I think editing /etc/services to renumber the telnet service would be a
> > mistake. Either just camp telnet on another service's port, or add
> > something like a "joetelnet" at a new port #.
> 
> Actually, according to the man page, telnetd looks in /etc/services and
> the only reason this could is to find out what port to listen on.
> (Caveat:  this is only from a "logical" perspective;  I have NOT read
> the source code for telnetd!)

?? Are you sure? The 1.3.2 man page says that inetd looks in /etc/services
to know where to hook up telnetd. telnetd should just take the sockets its
given, and seems to. I've had multiple telnetd's running on a machine
(some with kerberos, some w/o).

> > Nope, that's it. Your telnet will still be as (in)secure as before, just
> > external intruders won't know where to look for it.
> 
> Yep.  I strongly recommend using ssh if you want security, and disable
> telnet as well as all the r things (rlogin, rsh, rcmd).

Right. Though ssh works really well in place of rsh, rcp, etc..

Take care,

Bill