On Tue, 15 Jan 2002, Jimmy Jam wrote: > I was told on this list that telnet is quite unsafe and provides > serious security loopholes Yup, major holes, unencrypted passwords, YUCK. > What if telnet is used behind a firewall? That should be safe > right? As long as no one from outside can telnet into you, yes. Be careful of who's on your network since your passwords and sessions are in plain text, it's easy to sniff the telnet session. > What if the telnet port (23) is exposed to the outside wall via > a firewall? Is that still unsafe? BAD BAD BAD. Turn off telnet completely. Telnet, by design, is a text only protocol. When you type your root password (or any password for that matter) it goes along the line unencrypted and easily sniffable. Logging into telnet is basically giving away your passwords to anyone on the internet who wants them. Add in the latest exploit found in the telnet daemon, and you've got a really insecure admin tool. www.openssh.org -Brian