Securing telnet - Page 2

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

Re: Securing telnet

An update for everyone, since I figure I owe it to the group...

I ended up implementing a chroot jail on my machine using a bit of code
called chrootshell. It performs the chroot after login on any interface
(telnet or ssh in our case), then uses the chroot's etc/passwd to set
the user up with a real shell. I had to build a miniature filesystem for
the chroot jail, but it worked quite well.

We didn't implement one-time passwords or Kerberos simply due to time.
Of the 8 teams, 5 of them (including my team) were able to sniff most of
the telnet passwords and gain user access to the other teams' boxes. The
teams that got into our box weren't able to do anything but create a
text file as evidence, so I consider it a success. I know for future
reference that I will be trying out one-time passwords and creating my
own PAM library, whenever I have some free time. Thanks again for all
the help!

aim: courtarro

Site Timeline