Comment Re:telnetd NOT on "by default" in Solaris 10 (Score 1) 342
1. It seems to me that the best thing to do is make sure CONSOLE=/dev/console is in /etc/default/login and not commented out. Force all who need to login directly as root to do so via the system console. Otherwise do an "su" or install "sudo".
2. Disable telnet. Use SSH. Make it a mandatory policy, no ifs ands or buts. Who in their right mind would run telnet on an Internet attached server? Believe it or not, my company's CorpSec would. So that when we need remote access when on-call we use an RSA keychain fob to authenticate. But everything we do in cleartext and they can read what we do. Which why they won't allow SSH through the firewall. --
2. Disable telnet. Use SSH. Make it a mandatory policy, no ifs ands or buts. Who in their right mind would run telnet on an Internet attached server? Believe it or not, my company's CorpSec would. So that when we need remote access when on-call we use an RSA keychain fob to authenticate. But everything we do in cleartext and they can read what we do. Which why they won't allow SSH through the firewall. --