This was my first query of the mailing list and, though I knew from
reading that it is a very professional, polite and knowledgeable group,
I was surprised by the number of (too numerous for individual acks)
instructive replies I received within hours. Thank you all.
Here is my question:
I am running Wietse Venema's tcpd program on Solaris 2.5. I would like
to log into my work Suns from home but my Internet Service Provider
gives me a different IP address every time I log in so I can't just put
an IP in the hosts.allow file. I'm stuck. I have locked myself out. Who
has a key?
thanks in advance
Many people suggested adding the entire subnet to hosts.allow; for
in.telnetd: 129.142.55. I had tried this and it didn't work because
O'Reilly's "essential sys admin" gives an example WITHOUT a trailing
another example that was sent: in.telnetd: 188.8.131.52/255.255.255.0
It was suggested to ask my ISP to assign me a static IP address. Some
of them will do this.
Most people also pointed out that logging in and sending passwords
flying across the Internet is inherently unsafe and suggested some
products and techniques.
ssh was mentioned a lot, a package that provides secure login sessions
using encryption. http://www.ssh.fi/
T.I.S. toolkit was mentioned.
One-time password systems were suggested. skey was one. SecureID
Date: 1/14/97 3:41 PM
From: Matthew Stier
If you're working across the Internet, I definitely would not recommend
telnet via tcp_wrappers.
Visit the website www.ssh.fi and check out the ssh protocol.
-- Matthew Stier email@example.com
Here was an interesting reply that flew over my head but may be of interest to someone:
----------
First: Arrange to have inetd spawn wrappers and telnetd on an +alternate+ port as well as the well known one. On the alternate port have a hosts.allow entry that allows a range of addresses from your ISP to connect to telnetd. Use one time passwords for authentication.
Second: Ask your ISP to assign you a permanent address and so configure PPP. Config hosts.allow's telnet entry to permit that host. Use one time passwords for authentication.
Reto -- R A Lichtensteiger firstname.lastname@example.org -or- email@example.com http://www.meitca.com/ITA/People/rali
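
Why the entry without the trailing dot matched nothing, as an added example (not part of the original post and not tcp_wrappers code): a small Python model of the address-pattern rules documented in hosts_access(5). The client addresses under 129.142.55. are constructed, hostname patterns are left out, and it assumes hosts.deny holds `ALL: ALL` so that a client matching no allow entry is refused.

```python
import ipaddress

def pattern_matches(pattern: str, client_ip: str) -> bool:
    """Match one hosts.allow client pattern against an IPv4 address."""
    addr = int(ipaddress.IPv4Address(client_ip))  # also validates the input
    if pattern == "ALL":
        return True
    if "/" in pattern:
        # net/mask form: matches when (address AND mask) == net
        net, mask = pattern.split("/", 1)
        net_i = int(ipaddress.IPv4Address(net))
        mask_i = int(ipaddress.IPv4Address(mask))
        return (addr & mask_i) == net_i
    if pattern.endswith("."):
        # trailing dot: matches when the leading numeric fields are equal
        return client_ip.startswith(pattern)
    # no dot, no mask: compared as one complete address, so a bare
    # three-field prefix can never equal a four-field client address
    return pattern == client_ip

def matches_allow(rules: str, daemon: str, client_ip: str) -> bool:
    """True if any 'daemon_list : client_list' line grants the client."""
    for line in rules.splitlines():
        line = line.strip()
        fields = line.split(":")
        if not line or line.startswith("#") or len(fields) < 2:
            continue
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        if daemon in daemons or "ALL" in daemons:
            if any(pattern_matches(p, client_ip) for p in clients):
                return True
    return False

# Constructed sample entries; 129.142.55 is the prefix quoted in the post.
NO_DOT = "in.telnetd: 129.142.55"
WITH_DOT = "in.telnetd: 129.142.55."
NET_MASK = "in.telnetd: 129.142.55.0/255.255.255.0"

if __name__ == "__main__":
    for rules in (NO_DOT, WITH_DOT, NET_MASK):
        print(rules, "->", matches_allow(rules, "in.telnetd", "129.142.55.17"))
```
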