Safely using telnet and groups

Guest
Archived from groups: microsoft.public.windowsxp.security_admin

OK, I have been doing lots of googling and still have
not found the answer. OS is XP PRO on the house
machines (workgroup) behind a router. I want to be
able to telnet into one from my main machine, however
most of the information I have found says not to have
the telnet server enabled. I have not been able to figure
out if there is a way to set up the groups/protection so
that the machine will only accept a telnet connection from
me on my machine to the other one ... is there a way to
specify machine\user instead of just user in a group ??
I have found a number of references and MS KB articles
on creating/using the TelnetClients group (and the side
effects of that), but I still have not figured out if I can limit
it to one user on one machine that has access via telnet
to the other machine. Can you specify machine\user
for a group member in a workgroup environment ??
I guess one option that would make it a bit safer would be
to also use a different port for the telnet (since it does not
have to go through the router, that should be OK). My
LAN is reasonably (LOL) secure - the usual AV, spybot etc ...
counteracted by a 15 year old male ... sigh. Busy tightening
the protections (and having serious talks with him about
consequences).
 

Malke


Mike Fields wrote:

> OK, I have been doing lots of googling and still have
> not found the answer. OS is XP PRO on the house
> machines (workgroup) behind a router. I want to be
> able to telnet into one from my main machine, however
> most of the information I have found says not to have
> the telnet server enabled. I have not been able to figure
> out if there is a way to set up the groups/protection so
> that the machine will only accept a telnet connection from
> me on my machine to the other one ... is there a way to
> specify machine\user instead of just user in a group ??
> I have found a number of references and MS KB articles
> on creating/using the TelnetClients group (and the side
> effects of that), but I still have not figured out if I can limit
> it to one user on one machine that has access via telnet
> to the other machine. Can you specify machine\user
> for a group member in a workgroup environment ??
> I guess one option that would make it a bit safer would be
> to also use a different port for the telnet (since it does not
> have to go through the router, that should be OK). My
> LAN is reasonably (LOL) secure - the usual AV, spybot etc ...
> counteracted by a 15 year old male ... sigh. Busy tightening
> the protections (and having serious talks with him about
> consequences).

I think the main issue to settle is why do you want to do this and what
sort of data will be transmitted. If you only want to do this once in a
while I could see using Telnet (actually, I would never use Telnet for
anything); however, if you want to routinely transfer data that you
wouldn't want others to sniff then set up a VPN instead. Or use the
Windows version of ssh which I believe is PuTTY.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
 
Guest

"Malke" <invalid@not-real.com> wrote in message
news:%2331koHeaFHA.3488@tk2msftngp13.phx.gbl...
> Mike Fields wrote:
>
> > OK, I have been doing lots of googling and still have
> > not found the answer. OS is XP PRO on the house
> > machines (workgroup) behind a router. I want to be
> > able to telnet into one from my main machine, however
> > most of the information I have found says not to have
> > the telnet server enabled. I have not been able to figure
> > out if there is a way to set up the groups/protection so
> > that the machine will only accept a telnet connection from
> > me on my machine to the other one ... is there a way to
> > specify machine\user instead of just user in a group ??
> > I have found a number of references and MS KB articles
> > on creating/using the TelnetClients group (and the side
> > effects of that), but I still have not figured out if I can limit
> > it to one user on one machine that has access via telnet
> > to the other machine. Can you specify machine\user
> > for a group member in a workgroup environment ??
> > I guess one option that would make it a bit safer would be
> > to also use a different port for the telnet (since it does not
> > have to go through the router, that should be OK). My
> > LAN is reasonably (LOL) secure - the usual AV, spybot etc ...
> > counteracted by a 15 year old male ... sigh. Busy tightening
> > the protections (and having serious talks with him about
> > consequences).
>
> I think the main issue to settle is why do you want to do this and what
> sort of data will be transmitted. If you only want to do this once in a
> while I could see using Telnet (actually, I would never use Telnet for
> anything); however, if you want to routinely transfer data that you
> wouldn't want others to sniff then set up a VPN instead. Or use the
> Windows version of ssh which I believe is PuTTY.
>
> Malke
> --

OK, thanks - it is more a case of wanting to sometimes get into the
machine to check a file or copy a file over (yes, I could also map the
drive). Not worried about sniffing - nothing in the data and I am behind
the router. It was more a case of trying to figure out what the rules
were and if I could specify a particular machine only to have access
(which I still have not figured out). One of those cases of starting out
to do something simple but then you want to learn in the process and
are unable to find the answers (I think I ended up "google eyed" yesterday).

mikey
 

Malke


Mike Fields wrote:

>
> "Malke" <invalid@not-real.com> wrote in message
> news:%2331koHeaFHA.3488@tk2msftngp13.phx.gbl...
>> Mike Fields wrote:
>>
>> > OK, I have been doing lots of googling and still have
>> > not found the answer. OS is XP PRO on the house
>> > machines (workgroup) behind a router. I want to be
>> > able to telnet into one from my main machine, however
>> > most of the information I have found says not to have
>> > the telnet server enabled. I have not been able to figure
>> > out if there is a way to set up the groups/protection so
>> > that the machine will only accept a telnet connection from
>> > me on my machine to the other one ... is there a way to
>> > specify machine\user instead of just user in a group ??
>> > I have found a number of references and MS KB articles
>> > on creating/using the TelnetClients group (and the side
>> > effects of that), but I still have not figured out if I can limit
>> > it to one user on one machine that has access via telnet
>> > to the other machine. Can you specify machine\user
>> > for a group member in a workgroup environment ??
>> > I guess one option that would make it a bit safer would be
>> > to also use a different port for the telnet (since it does not
>> > have to go through the router, that should be OK). My
>> > LAN is reasonably (LOL) secure - the usual AV, spybot etc ...
>> > counteracted by a 15 year old male ... sigh. Busy tightening
>> > the protections (and having serious talks with him about
>> > consequences).
>>
>> I think the main issue to settle is why do you want to do this and
>> what sort of data will be transmitted. If you only want to do this
>> once in a while I could see using Telnet (actually, I would never use
>> Telnet for anything); however, if you want to routinely transfer data
>> that you wouldn't want others to sniff then set up a VPN instead. Or
>> use the Windows version of ssh which I believe is PuTTY.
>>
>> Malke
>> --
>
> OK, thanks - it is more a case of wanting to sometimes get into the
> machine to check a file or copy a file over (yes, I could also map the
> drive). Not worried about sniffing - nothing in the data and I am
> behind
> the router. It was more a case of trying to figure out what the rules
> were and if I could specify a particular machine only to have access
> (which I still have not figured out). One of those cases of starting
> out to do something simple but then you want to learn in the process
> and are unable to find the answers (I think I ended up "google eyed"
> yesterday).
>
> mikey

I know the feeling. ;-) Why telnet, though? I think you'd have more
control using something like RealVNC or pcAnywhere. You would have to
set your router to forward the traffic to your home computer (and open
the necessary ports in your firewall), but you'd have the ability to
control the home computer, transfer files, etc. with the security of
using an encrypted password to get in. That's the main concern about
Telnet - it sends passwords in clear text. That's why you don't want a
Telnet server on your computer. The ssh process used in *nixes is a
telnet-like app, but uses encryption. I use pcAnywhere to support my
brother's pc, but RealVNC is free if that is a concern.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
 
Guest

"Malke" <invalid@not-real.com> wrote in message
news:%23av36ghaFHA.2180@TK2MSFTNGP12.phx.gbl...
> Mike Fields wrote:
>
> >
> > "Malke" <invalid@not-real.com> wrote in message
> > news:%2331koHeaFHA.3488@tk2msftngp13.phx.gbl...
> >> Mike Fields wrote:
> >>
> >> > OK, I have been doing lots of googling and still have
> >> > not found the answer. OS is XP PRO on the house
> >> > machines (workgroup) behind a router. I want to be
> >> > able to telnet into one from my main machine, however
> >> > most of the information I have found says not to have
> >> > the telnet server enabled. I have not been able to figure
> >> > out if there is a way to set up the groups/protection so
> >> > that the machine will only accept a telnet connection from
> >> > me on my machine to the other one ... is there a way to
> >> > specify machine\user instead of just user in a group ??
> >> > I have found a number of references and MS KB articles
> >> > on creating/using the TelnetClients group (and the side
> >> > effects of that), but I still have not figured out if I can limit
> >> > it to one user on one machine that has access via telnet
> >> > to the other machine. Can you specify machine\user
> >> > for a group member in a workgroup environment ??
> >> > I guess one option that would make it a bit safer would be
> >> > to also use a different port for the telnet (since it does not
> >> > have to go through the router, that should be OK). My
> >> > LAN is reasonably (LOL) secure - the usual AV, spybot etc ...
> >> > counteracted by a 15 year old male ... sigh. Busy tightening
> >> > the protections (and having serious talks with him about
> >> > consequences).
> >>
> >> I think the main issue to settle is why do you want to do this and
> >> what sort of data will be transmitted. If you only want to do this
> >> once in a while I could see using Telnet (actually, I would never use
> >> Telnet for anything); however, if you want to routinely transfer data
> >> that you wouldn't want others to sniff then set up a VPN instead. Or
> >> use the Windows version of ssh which I believe is PuTTY.
> >>
> >> Malke
> >> --
> >
> > OK, thanks - it is more a case of wanting to sometimes get into the
> > machine to check a file or copy a file over (yes, I could also map the
> > drive). Not worried about sniffing - nothing in the data and I am
> > behind
> > the router. It was more a case of trying to figure out what the rules
> > were and if I could specify a particular machine only to have access
> > (which I still have not figured out). One of those cases of starting
> > out to do something simple but then you want to learn in the process
> > and are unable to find the answers (I think I ended up "google eyed"
> > yesterday).
> >
> > mikey
>
> I know the feeling. ;-) Why telnet, though? I think you'd have more
> control using something like RealVNC or pcAnywhere. You would have to
> set your router to forward the traffic to your home computer (and open
> the necessary ports in your firewall), but you'd have the ability to
> control the home computer, transfer files, etc. with the security of
> using an encrypted password to get in. That's the main concern about
> Telnet - it sends passwords in clear text. That's why you don't want a
> Telnet server on your computer. The ssh process used in *nixes is a
> telnet-like app, but uses encryption. I use pcAnywhere to support my
> brother's pc, but RealVNC is free if that is a concern.
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User

Heh ! In this case, all computers involved are on the LAN behind the
router (and I do not have any ports opened up through the router) so
that part is "fairly safe". Your suggestions for third party stuff is what
I would be looking into if indeed I was going to open the router/firewall
to the outside. Telnet was just a quick way to get into another computer
in the house when the kids or mom are logged on (since as near as I can
tell, RDT only allows single user at a time). After dealing with the stupid
machine at work today, I think the best computer "repair" tool is a
large hammer !!

mikey
 

Malke


Mike Fields wrote:

>
> Heh ! In this case, all computers involved are on the LAN behind the
> router (and I do not have any ports opened up through the router) so
> that part is "fairly safe". Your suggestions for third party stuff is
> what I would be looking into if indeed I was going to open the
> router/firewall
> to the outside. Telnet was just a quick way to get into another
> computer in the house when the kids or mom are logged on (since as
> near as I can
> tell, RDT only allows single user at a time). After dealing with the
> stupid machine at work today, I think the best computer "repair" tool
> is a large hammer !!
>
> mikey

Then that does make it easy since you don't need to do any
port-forwarding. I guess you could just use Telnet if you make sure
that the Telnet service is running on all the computers. The problem
is, as you surmised, that if you have a Telnet server running it will
accept connections from anyone who gets the password. And since it
sends the passwords in the clear.... I suppose you might chance it
since you are behind a router; it wouldn't be my choice but that's just
me.

Here are some links to Windows equivalent of ssh:

http://www.chiark.greenend.org.uk/~sgtatham/putty/
http://www.openssh.com/windows.html
http://support.100megswebhosting.com/docs/putty/

That second link lists quite a few programs. Maybe one of them will meet
your needs.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
 
Guest

"Malke" <invalid@not-real.com> wrote in message
news:uj5wC$waFHA.1384@TK2MSFTNGP09.phx.gbl...
> Mike Fields wrote:
>
> >
> > Heh ! In this case, all computers involved are on the LAN behind the
> > router (and I do not have any ports opened up through the router) so
> > that part is "fairly safe". Your suggestions for third party stuff is
> > what I would be looking into if indeed I was going to open the
> > router/firewall
> > to the outside. Telnet was just a quick way to get into another
> > computer in the house when the kids or mom are logged on (since as
> > near as I can
> > tell, RDT only allows single user at a time). After dealing with the
> > stupid machine at work today, I think the best computer "repair" tool
> > is a large hammer !!
> >
> > mikey
>
> Then that does make it easy since you don't need to do any
> port-forwarding. I guess you could just use Telnet if you make sure
> that the Telnet service is running on all the computers. The problem
> is, as you surmised, that if you have a Telnet server running it will
> accept connections from anyone who gets the password. And since it
> sends the passwords in the clear.... I suppose you might chance it
> since you are behind a router; it wouldn't be my choice but that's just
> me.
>
> Here are some links to Windows equivalent of ssh:
>
> http://www.chiark.greenend.org.uk/~sgtatham/putty/
> http://www.openssh.com/windows.html
> http://support.100megswebhosting.com/docs/putty/
>
> That second link lists quite a few programs. Maybe one of them will meet
> your needs.
>
> Malke
> --

Thanks for the info -- I shall wander off and read up on that.
Thanks for your time.

mikey
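
An added example, not part of the original thread or any poster's own commands: one way to approach the original question on XP Pro SP2, using a Windows Firewall scope rule for the "only from my machine" part and the TelnetClients local group mentioned in the thread for the "only this user" part. The address 192.168.1.10 and the account name telnetuser are placeholders; in a workgroup the group member must be a local account on the machine running the Telnet server.

```bat
@echo off
rem Added example. Run as an administrator on the XP Pro SP2 machine
rem that hosts the Telnet server.

rem Placeholder: LAN address of the one machine allowed to connect.
set ADMIN_PC=192.168.1.10
rem Placeholder: local account (on THIS machine) allowed to log on via Telnet.
set TELNET_USER=telnetuser

rem Keep Windows Firewall enabled so the scope rule below is enforced.
netsh firewall set opmode mode=ENABLE

rem Open TCP 23 only to the single source address, not to the whole subnet.
netsh firewall add portopening protocol=TCP port=23 name=Telnet mode=ENABLE scope=CUSTOM addresses=%ADMIN_PC%

rem Create the TelnetClients local group and add the one permitted account.
rem A workgroup machine can only add its own local accounts to a local
rem group, so the member is an account defined on this machine.
net localgroup TelnetClients /add
net localgroup TelnetClients %TELNET_USER% /add

rem Review the result: the port opening with its scope, and the group members.
netsh firewall show portopening
net localgroup TelnetClients
```

The scope rule filters on source IP address only, so it limits which machine can reach the port, not who is sitting at it, and the login still crosses the LAN in clear text as described in the thread.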