Like I said, I can't even remember original question, but I think the short answer is: TelnetD running on your server allowing people to login via telnet is BAD SSHD running on your server allowing people to login is GOOD And as far as SSH Windows clients go, as I have said before, even though it isn't free, PenguiNet is really nice. I just tried Putty again, no contest in my mind which is easier. Biggest downside for PenguiNet right now for me is no SSH2 support yet. Mark -----Original Message----- From: Glenn Crocker [mailto:glenn@netmud.com] Sent: Friday, January 11, 2002 2:34 PM To: kclug@kclug.org Subject: RE: Another good reason for telnet But all the other protocols that are telnet-compatible have security problems. POP3, for example, really should be encrypted. That's your password flying over the socket for all the world to see. Same with FTP. On the HTTP side, I'd like to see more https usage just for privacy reasons. There's really no reason for unencrypted data to ever move point-to-point. In that way, I'd say that the insecure protocols telnet is compatible with are "bad". -glenn Glenn Crocker Netmud http://www.netmud.com 913-451-7785, glenn@netmud.com > I may have lost the point here at some place along the line, but the > security issue isn't telnet client, it is telnet running on the server as > far as I know. > > When you do things like telnet to port 80 to act like a browser, > that isn't > using telnet on the server, you are just acting to the web server > like a web > browser by using telnet. > > > > -----Original Message----- > From: John Heryer [mailto:jheryer@violet.jayhawks.net] > Sent: Friday, January 11, 2002 12:31 PM > To: kclug@kclug.org > Subject: Re: Another good reason for telnet > > > On Fri, 11 Jan 2002, DCT Jared Smith wrote: > > Frankly, if you follow my logic here, you'll see: Woe be the > day that Bill > > > Gates (rather, his heir) dispenses the only 'certified' encryption > protocol > > on the 'Net. The best way to keep that from happening is to use Telnet > > responsibly. No need to use it to login to shell, but within a stout, > logged, > > firewall even that should be possible. > > Client to server ssh usage is primarly *nix thing. The day Microsoft > developes a certified, encrypted, remote session it will be from one > windows machine to another. Primarily used as the trasportation of choice > for the new generation of virii. I can't forsee the guys working on > openssh supporting the new microsoft encryption scheme (if it > ever were to > exist). > > 'Responsible' telnet usage goes hand in hand with 'responsible' packet > sniffer usage. The only thing a firewall will do for you is > prevent telnet > usage and that my friend ... is a goodthang(tm) > > > Good Lord, we have to trust someone, somewhere. > > Yeah... right. > > -- > John Heryer > jheryer@jayhawks.net > > > > > >