Firstly sorry, maybe dumb question, but I have one service running on my server which can be operated only by telnet (port 23), but I know that telnet is insecure, so I blocked port 23 in iptables except loopback interface (to be not accessible from internet, but only from localhost).
首先抱歉,也许是愚蠢的问题,但是我的服务器上运行了一个只能通过telnet(端口23)运行的服务,但是我知道telnet是不安全的,所以我在iptables中阻止端口23,除了loopback接口(不是可从互联网访问,但仅限本地主机)。
So my idea is that I connect to the server using SSH and then in SSH session I will connect to telnet localhost 23, so I wonder if it is safe or if it can be sniffed.
所以我的想法是我使用SSH连接到服务器然后在SSH会话中我将连接到telnet localhost 23,所以我想知道它是否安全或是否可以被嗅探。
2 个解决方案
#1
19
The traffic cannot be sniffed. It is not ideal, but it is safe from sniffing at least at the network level. Obviously, if the server is compromised, the traffic can be sniffed, but you will have other problems by then.
交通无法被嗅探。它并不理想,但至少在网络层面上嗅探是安全的。显然,如果服务器受到攻击,可以嗅探流量,但到那时您将遇到其他问题。
#2
30
Yes. Controlling a Telnet client through an SSH tunnel is, in practice, as safe from eavesdropping as using any other program (e.g. a Bash shell) through the tunnel.
是。实际上,通过SSH隧道控制Telnet客户端与通过隧道使用任何其他程序(例如Bash shell)一样可以避免窃听。
Telnet is called an insecure protocol because Telnet traffic is plain text which can be read and modified by anyone on the route between client and server (a man-in-the-middle attack). But if you're exchanging packets with localhost, there is no actual network traffic leaving the machine that could be sniffed or intercepted. Both Telnet client and server are on the same host, and the fact that you're using SSH to connect to that host doesn't put that local connection at risk.
Telnet称为不安全协议,因为Telnet流量是纯文本,客户端和服务器之间的路由上的任何人都可以读取和修改(中间人攻击)。但是,如果您与localhost交换数据包,则没有实际网络流量离开机器可能被嗅探或截获。 Telnet客户端和服务器都位于同一主机上,并且您使用SSH连接到该主机这一事实并未使该本地连接处于危险之中。
#1
19
The traffic cannot be sniffed. It is not ideal, but it is safe from sniffing at least at the network level. Obviously, if the server is compromised, the traffic can be sniffed, but you will have other problems by then.
交通无法被嗅探。它并不理想,但至少在网络层面上嗅探是安全的。显然,如果服务器受到攻击,可以嗅探流量,但到那时您将遇到其他问题。
#2
30
Yes. Controlling a Telnet client through an SSH tunnel is, in practice, as safe from eavesdropping as using any other program (e.g. a Bash shell) through the tunnel.
是。实际上,通过SSH隧道控制Telnet客户端与通过隧道使用任何其他程序(例如Bash shell)一样可以避免窃听。
Telnet is called an insecure protocol because Telnet traffic is plain text which can be read and modified by anyone on the route between client and server (a man-in-the-middle attack). But if you're exchanging packets with localhost, there is no actual network traffic leaving the machine that could be sniffed or intercepted. Both Telnet client and server are on the same host, and the fact that you're using SSH to connect to that host doesn't put that local connection at risk.
Telnet称为不安全协议,因为Telnet流量是纯文本,客户端和服务器之间的路由上的任何人都可以读取和修改(中间人攻击)。但是,如果您与localhost交换数据包,则没有实际网络流量离开机器可能被嗅探或截获。 Telnet客户端和服务器都位于同一主机上,并且您使用SSH连接到该主机这一事实并未使该本地连接处于危险之中。