Hi there,
I guess that password complexity is not the issue here. It's
incredibly easy to 'sniff' plain text passwords off of a LAN! However if
your happy no one is going to attempt this then telnet without ssh is
fine.
Just my twopennyworth.
Regards JohnG
32865e97b5342e762ab140e00f3da23b - Just 'Debian'
On Thu, 27 Apr 2000, Noah L. Meyerhans wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> On Thu, 27 Apr 2000, w trillich wrote:
>
> > # apt-get install ssh
> > Reading Package Lists... Done
> > Building Dependency Tree... Done
> > Package ssh has no available version, but exists in the database.
> > This typically means that the package was mentioned in a dependency and
> > never uploaded, has been obsoleted or is not available with the contents
> > of sources.list
> > E: Package ssh has no installation candidate
> >
>
> Add the following line to /etc/apt/sources.list:
> deb http://non-us.debian.org /potato/non-US main contrib non-free
>
> On the other hand, I do not feel as strongly as other posters that telnet
> needs to be disabled in order to have a secure machine. Strong passwords
> will work just as well. I have an account on a large Solaris network
> where telnet has been open for ages, and will continue to be. The passwd
> program in *incredibly* anal about ensuring that all passwords are
> complex. To my knowledge there has never been a significant security
> breach on this network.
>
> noah
>
> PGP Public Key available at http://web.morgul.net/~frodo/mail.html
> or by `finger -l [EMAIL PROTECTED]
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3a
> Charset: noconv
>
> iQCVAwUBOQg6UYdCcpBjGWoFAQHgswP/akY6CGn1dYsk65yTcm5suKjCU28YxgD0
> Z+Hx0s2ftuWnp9BUz6GstO10WHRyOvHJ3wEpHWn8yoti3ywsW53EIGzEznNwC+lv
> tn5P+Z2x4b4320PTKkQY5EBCASW8uH9c4VbF6e66aY68EpqZS9YFtW2ZStWapnm8
> kUzWMob163E=
> =kx57
> -----END PGP SIGNATURE-----
>
>
> --
> Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null
>
>
