[Info-vax] EISNER access will be SSH-only
Phillip Helbig undress to reply
helbig at asclothestro.multivax.de
Sat Jan 9 14:54:08 EST 2021
In article <rtcnp0$elb$1 at dont-email.me>, Hunter Goatley
<goathunter at goatley.com> writes:
> > It won't affect me, but why not just move Telnet from port 23 onto,
> > say, 2023 (or almost any unpopular port), and publicize it? I allow
> > wrong-port Telnet access on my server, and I see about four probes/year
> > (none of which is an actual log-in attempt).
> >
> > I don't use 22 (externally) for SSH, either. Same reason, similar
> > results.
> >
> I agree, but it's taken this long to get everyone to agree that it's
> time to kill TELNET. ;-) Actually, I see no point in allowing TELNET
> access at all. Sending passwords in the clear isn't good, even for hobby
> accounts users don't care about.
Some people still run telnet because SSH refuses to connect if the
cipher is too old or whatever. Of course, it would be arguably more
secure than telnet.
It might be a problem for hobbyists to have a current enough ssh to
connect to wherever they want to connect.
When using certificates, the problem is worse: if the certificate is not
recognized, then the secure protocol won't work, so people keep the
unsecure one running. Even though the connection might not be
authenticated, it is still encrypted.
I understand why one wants to have both. But saying "if you can't do it
well, you can't do it at all" is probably the main reason the insecure
protocols are still found.
More information about the Info-vax
mailing list