SUMMARY TCP-wrapper working well

From: Charles Harvey (charles_harvey-oao@imdgw.chinalake.navy.mil)
Date: Wed Jan 15 1997 - 09:55:34 CST


This was my first query of the mailing list and, though I knew from
reading that it is a very professional, polite and knowledgeable group,
I was surprised by the number of (too numerous for individual acks)
instructive replies I received within hours. Thank you all.

Here is my question:

Dear friends,
 
 I am running Wietse Venema's tcpd program on Solaris 2.5. I would like
 to log into my work Suns from home but my Internet Service Provider
 gives me a different IP address every time I log in so I can't just put
 an IP in the hosts.allow file. I'm stuck. I have locked myself out. Who
 has a key?
 
 thanks in advance
 
 Sean
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ANSWERS:

Many people suggested adding the entire subnet to hosts.allow; for
example:

in.telnetd: 129.142.55.

I had tried this and it didn't work because O'Reilly's "essential sys
admin" gives an example WITHOUT a trailing period.

Another example that was sent:

in.telnetd: 129.142.55.0/255.255.255.0

It was suggested to ask my ISP to assign me a static IP address. Some
of them will do this.

Most people also pointed out that logging in and sending passwords
flying across the Internet is inherently unsafe and suggested some
products and techniques.

ssh was mentioned a lot, a package that provides secure login sessions
using encryption. http://www.ssh.fi/

T.I.S. toolkit was mentioned.

One-time password systems were suggested. skey was one. SecurID

--------------------------------------
Date: 1/14/97 3:41 PM
From: Matthew Stier
If you're working across the Internet, I definitely would not recommend
using telnet via tcp_wrappers.

Visit the website www.ssh.fi and check out the ssh protocol.

--
Matthew Stier
matthew.stier@mci.com

Here was an interesting reply that flew over my head but may be of interest to someone:

--------------------------------------

Two choices:

First: Arrange to have inetd spawn wrappers and telnetd on an +alternate+ port as well as the well known one. On the alternate port have a hosts.allow entry that allows a range of addresses from your ISP to connect to telnetd. Use one time passwords for authentication.

Second: Ask your ISP to assign you a permanent address and so configure PPP. Config hosts.allow's telnet entry to permit that host. Use one time passwords for authentication.

Reto -- R A Lichtensteiger rali@meitca.com -or- rali@world.std.com http://www.meitca.com/ITA/People/rali
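
The three hosts.allow address forms that come up in the summary above (no trailing period, trailing period, net/mask) behave differently, which is why the entry without the period locked the poster out. The sketch below is an added example, not part of the original post and not tcp_wrappers' own code; it models only these address forms as described in hosts_access(5), and the function names and the client address 129.142.55.17 are constructed for illustration.

```python
import ipaddress

def host_pattern_matches(pattern: str, client_ip: str) -> bool:
    """Match an IPv4 client address against one hosts.allow address pattern.

    Covers only the address forms used in the thread:
      "129.142.55."       trailing dot: leading numeric fields must match
      "n.n.n.n/m.m.m.m"   net/mask: (address AND mask) must equal net
      anything else       compared as a whole string (exact match)
    Wildcards (ALL, LOCAL, ...), host names and netgroups are not handled.
    """
    addr = ipaddress.IPv4Address(client_ip)
    if "/" in pattern:
        net, mask = pattern.split("/", 1)
        net_i = int(ipaddress.IPv4Address(net))
        mask_i = int(ipaddress.IPv4Address(mask))
        return (int(addr) & mask_i) == net_i
    if pattern.endswith("."):
        # The dot forces a field boundary: "129.142.5." cannot match 129.142.55.x
        return str(addr).startswith(pattern)
    return pattern == str(addr)

def allowed(rules: str, daemon: str, client_ip: str) -> bool:
    """Return True if any 'daemon_list: client_list' line admits client_ip."""
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = (part.strip() for part in line.split(":", 2)[:2])
        if daemon not in daemons.replace(",", " ").split():
            continue
        patterns = clients.replace(",", " ").split()
        if any(host_pattern_matches(p, client_ip) for p in patterns):
            return True
    return False

# Constructed client address inside the subnet used in the thread's examples.
CLIENT = "129.142.55.17"
RESULTS = {
    rule: allowed(rule, "in.telnetd", CLIENT)
    for rule in (
        "in.telnetd: 129.142.55",                  # no trailing period
        "in.telnetd: 129.142.55.",                 # trailing period
        "in.telnetd: 129.142.55.0/255.255.255.0",  # net/mask
    )
}

if __name__ == "__main__":
    for rule, ok in RESULTS.items():
        print(f"{rule:42} -> {'allow' if ok else 'no match'}")
```

On a host with tcp_wrappers installed, the bundled `tcpdmatch` utility gives the authoritative answer for a given daemon and client address before the rule is relied on.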
