Safely using telnet and groups ..

[Mike Fields]

OK, I have been doing lots of googling and still have
not found the answer. OS is XP PRO on the house
machines (workgroup) behind a router. I want to be
able to telnet into one from my main machine, however
most of the information I have found says not to have
the telnet server enabled. I have not been able to figure
out if there is a way to set up the groups/protection so
that the machine will only accept a telnet connection from
me on my machine to the other one ... is there a way to
specify machine\user instead of just user in a group ??
I have found a number of references and MS KB articles
on creating/using the TelnetClients group (and the side
effects of that), but I still have not figured out if I can limit
it to one user on one machine that has access via telnet
to the other machine. Can you specify machine\user
for a group member in a workgroup environment ??
I guess one option that would make it a bit safer would be
to also use a different port for the telnet (since it does not
have to go through the router, that should be OK). My
LAN is reasonably (LOL) secure - the usual AV, spybot etc ...
counteracted by a 15 year old male ... sigh. Busy tightening
the protections (and having serious talks with him about
consequences).

 

[Malke]

OK, I have been doing lots of googling and still have
not found the answer. OS is XP PRO on the house
machines (workgroup) behind a router. I want to be
able to telnet into one from my main machine, however
most of the information I have found says not to have
the telnet server enabled. I have not been able to figure
out if there is a way to set up the groups/protection so
that the machine will only accept a telnet connection from
me on my machine to the other one ... is there a way to
specify machine\user instead of just user in a group ??
I have found a number of references and MS KB articles
on creating/using the TelnetClients group (and the side
effects of that), but I still have not figured out if I can limit
it to one user on one machine that has access via telnet
to the other machine. Can you specify machine\user
for a group member in a workgroup environment ??
I guess one option that would make it a bit safer would be
to also use a different port for the telnet (since it does not
have to go through the router, that should be OK). My
LAN is reasonably (LOL) secure - the usual AV, spybot etc ...
counteracted by a 15 year old male ... sigh. Busy tightening
the protections (and having serious talks with him about
consequences).

I think the main issue to settle is why do you want to do this and what
sort of data will be transmitted. If you only want to do this once in a
while I could see using Telnet (actually, I would never use Telnet for
anything); however, if you want to routinely transfer data that you
wouldn't want others to sniff then set up a VPN instead. Or use the
Windows version of ssh which I believe is PuTTy.

Malke

 

[Mike Fields]

I think the main issue to settle is why do you want to do this and what
sort of data will be transmitted. If you only want to do this once in a
while I could see using Telnet (actually, I would never use Telnet for
anything); however, if you want to routinely transfer data that you
wouldn't want others to sniff then set up a VPN instead. Or use the
Windows version of ssh which I believe is PuTTy.

Malke
--

OK, thanks - it is more a case of wanting to sometimes get into the
machine to check a file or copy a file over (yes, I could also map the
drive). Not worried about sniffing - nothing in the data and I am behind
the router. It was more a case of trying to figure out what the rules
were and if I could specify a particular machine only to have access
(which I still have not figured out). One of those cases of starting out
to do something simple but then you want to learn in the process and
are unable to find the answers (I think I ended up "google eyed" yesterday).

mikey

 

[Malke]

OK, thanks - it is more a case of wanting to sometimes get into the
machine to check a file or copy a file over (yes, I could also map the
drive). Not worried about sniffing - nothing in the data and I am
behind
the router. It was more a case of trying to figure out what the rules
were and if I could specify a particular machine only to have access
(which I still have not figured out). One of those cases of starting
out to do something simple but then you want to learn in the process
and are unable to find the answers (I think I ended up "google eyed"
yesterday).

mikey

I know the feeling. ;-) Why telnet, though? I think you'd have more
control using something like RealVNC or pcAnywhere. You would have to
set your router to forward the traffic to your home computer (and open
the necessary ports in your firewall), but you'd have the ability to
control the home computer, transfer files, etc. with the security of
using an encrypted password to get in. That's the main concern about
Telnet - it sends passwords in clear text. That's why you don't want a
Telnet server on your computer. The ssh process used in *nixes is a
telnet-like app, but uses encryption. I use pcAnywhere to support my
brother's pc, but RealVNC is free if that is a concern.

Malke

 

[Mike Fields]

I know the feeling. ;-) Why telnet, though? I think you'd have more
control using something like RealVNC or pcAnywhere. You would have to
set your router to forward the traffic to your home computer (and open
the necessary ports in your firewall), but you'd have the ability to
control the home computer, transfer files, etc. with the security of
using an encrypted password to get in. That's the main concern about
Telnet - it sends passwords in clear text. That's why you don't want a
Telnet server on your computer. The ssh process used in *nixes is a
telnet-like app, but uses encryption. I use pcAnywhere to support my
brother's pc, but RealVNC is free if that is a concern.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

Heh ! In this case, all computers involved are on the LAN behind the
router (and I do not have any ports opened up through the router) so
that part is "fairly safe". Your suggestions for third party stuff is what
I would be looking into if indeed I was going to open the router/firewall
to the outside. Telnet was just a quick way to get into another computer
in the house when the kids or mom are logged on (since as near as I can
tell, RDT only allows single user at a time). After dealing with the stupid
machine at work today, I think the best computer "repair" tool is a
large hammer !!

mikey

 

[Malke]

Heh ! In this case, all computers involved are on the LAN behind the
router (and I do not have any ports opened up through the router) so
that part is "fairly safe". Your suggestions for third party stuff is
what I would be looking into if indeed I was going to open the
router/firewall
to the outside. Telnet was just a quick way to get into another
computer in the house when the kids or mom are logged on (since as
near as I can
tell, RDT only allows single user at a time). After dealing with the
stupid machine at work today, I think the best computer "repair" tool
is a large hammer !!

mikey

Then that does make it easy since you don't need to do any
port-forwarding. I guess you could just use Telnet if you make sure
that the Telnet service is running on all the computers. The problem
is, as you surmised, that if you have a Telnet server running it will
accept connections from anyone who gets the password. And since it
sends the passwords in the clear.... I suppose you might chance it
since you are behind a router; it wouldn't be my choice but that's just
me.

Here are some links to Windows equivalent of ssh:

http://www.chiark.greenend.org.uk/~sgtatham/putty/
http://www.openssh.com/windows.html
http://support.100megswebhosting.com/docs/putty/

That second link lists quite a few programs. Maybe one of them will meet
your needs.

Malke

 

[Mike Fields]

Then that does make it easy since you don't need to do any
port-forwarding. I guess you could just use Telnet if you make sure
that the Telnet service is running on all the computers. The problem
is, as you surmised, that if you have a Telnet server running it will
accept connections from anyone who gets the password. And since it
sends the passwords in the clear.... I suppose you might chance it
since you are behind a router; it wouldn't be my choice but that's just
me.

Here are some links to Windows equivalent of ssh:

http://www.chiark.greenend.org.uk/~sgtatham/putty/
http://www.openssh.com/windows.html
http://support.100megswebhosting.com/docs/putty/

That second link lists quite a few programs. Maybe one of them will meet
your needs.

Malke
--

Thanks for the info -- I shall wander off and read up on that.
Thanks for your time.

mikey