Solved

Need a secure TELNET connection to work. Secure Telnet? VPN?

Posted on 2014-07-28
19
341 Views
Last Modified: 2014-09-20
We are running PICK (D3 flavor) on Red Hat Linux. I want a secure way for remote users to connect while keeping our server secure.

I have done some preliminary work and utilized a second public IP and set up a Router with a 192.168.2.* network.
Our main network is 192.168.1.*

We use terminal emulator software called TinyTerm ITX to access PICK, and in an effort to try a secure connection,
on the main 1.1 router I made a port forwarding connection from external port 992 to internal port 23. Everything worked fine.

1) Is that Secure?
2) Is it possible to be more secure by utilizing an SSL VPN router and/or VPN software using the 2.* network?
3) Is it possible to set up a server or computer on the 2.* network to then connect only to the 1.* network PICK server and nothing else? We currently have a Mac mini server that isn't being used. Also a new HP computer. Should we use the Mac mini server or some flavor of Linux for this? Also, how do I set up that "man in the middle" server or PC to only communicate with the PICK server and nothing else on the network? Some kind of static route or ?

Need your advice and help.

Sincerely,
Happytech
Question by:TheHappyTech
19 Comments
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 250 total points
ID: 40223752
Most people use SSH for a secure terminal connection.  SSH is not SSL.
0
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40223763
I recommend you implement SSH instead of Telnet, as SSH is secure.  You could implement VPN, SSL VPN, etc., but in my opinion SSH suffices and eliminates the need for VPN, etc.  For an SSH client, I recommend using PuTTY or Tera Term if there is no budget to purchase software.  Otherwise I recommend SecureCRT, as it is widely used and very user friendly.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40224748
SSH can also forward X11 and database connections over the same encrypted channel. That should greatly ease firewall setup.

Which terminal mode do you use on TinyTerm ITX? I'd suggest trying the absolutely free PuTTY instead if the terminal type used overlaps.
0

Author Comment

by:TheHappyTech
ID: 40224751
Ok, here is one issue with SSH.

When someone connects through SSH from the outside, they will come to our RH linux login. (We do that for our
Linux person). But if someone connects through telnet, they get the login for PICK.

1) Is that something maybe encoded into Linux?

2) Can I port forward from an outside port (2222 for example) to internal port 22 and still be secure?

Thank you kindly Dave and Mohammed
0
 
LVL 62

Expert Comment

by:gheist
ID: 40224903
In Linux you can select the initial shell for each user. Either PICK, or bash, or nologin.
0
 

Author Comment

by:TheHappyTech
ID: 40225043
Here is the interesting thing (I say this as a Windows person with little PICK or Linux experience),
the PICK login is set to "nologin."
0
 
LVL 62

Expert Comment

by:gheist
ID: 40225076
There is one user that owns DB files. Or apache files or whatever. That should not log in.
0
 

Author Comment

by:TheHappyTech
ID: 40225274
We have only the administrator, the outside Linux consultant and PICK users on the Linux server.
All the rest of the users are PICK/D3 users so I guess the PICK software is handling that.

How can I make PICK users who will access remotely use SSH?
Because right now if someone connects with SSH (port 22) they get a Linux prompt,
but if they connect with Telnet (port 23) they automatically get to a Pick login/password screen.

Is there somewhere in Linux and/or in the PICK software I can make PICK users use SSH and still get to
a PICK login? (I hope I am wording that correctly).

HappyTech
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 250 total points
ID: 40225347
netstat -nap | grep LISTEN

What is listening on port 23 and what on 22?
Should be xinetd and sshd in normal Linux.
0
 

Author Comment

by:TheHappyTech
ID: 40225743
I ran the command and couldn't find xinetd or sshd unfortunately.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40226024
Can you help by telling what program is serving your telnet port and what program is serving your ssh port?
0
 

Author Comment

by:TheHappyTech
ID: 40233169
Excellent question Gheist. I know we are using Red Hat Linux and PICK (D3 flavor).

Is there a way I can find out myself which program serves telnet and ssh?

Ben
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40233199
In a 'plain' system, 'telnetd' would serve telnet connections and 'sshd' would serve SSH connections.  You would normally find these in your 'services' list.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40233611
netstat -nap | grep ':2[23] '
0
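Added example, not part of the original thread or any poster's code: a shell helper that answers "which program serves telnet and ssh" by matching exact listening ports in `netstat -nap` output, rather than a loose grep that also hits ports such as 2222. The function name `listeners_for_ports` and the embedded sample output are constructed for illustration; it also flags the case where netstat prints `-` instead of a program name because it was not run as root.

```shell
#!/bin/sh
# Constructed sample of `netstat -nap` output (not from the asker's server).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address    Foreign Address    State       PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*          LISTEN      1201/sshd
tcp        0      0 0.0.0.0:23       0.0.0.0:*          LISTEN      1187/xinetd
tcp        0      0 127.0.0.1:631    0.0.0.0:*          LISTEN      -
tcp        0      0 192.168.1.10:22  192.168.1.50:51514 ESTABLISHED 2290/sshd
tcp        0      0 :::2222          :::*               LISTEN      1201/sshd'

# Usage: listeners_for_ports "22 23" < netstat-output
# Prints "port program" for each TCP socket in LISTEN state on a wanted port.
listeners_for_ports() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # keep text after the last colon
            if (!(port in want)) next              # exact match: 2222 is not 22
            prog = $7; sub(/^[0-9]+\//, "", prog)  # strip the leading PID and slash
            if (prog == "-" || prog == "") prog = "unknown(rerun-as-root)"
            print port, prog
        }' | sort -u
}

# Stand-alone demo on the constructed sample.
# On a live host, run as root: netstat -nap | listeners_for_ports "22 23"
printf '%s\n' "$SAMPLE_NETSTAT" | listeners_for_ports "22 23"
```

If port 23 reports `xinetd`, telnet is being started on demand by xinetd; any other program name there is the process presenting the login that telnet users see.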
 

Author Comment

by:TheHappyTech
ID: 40311515
I've requested that this question be deleted for the following reason:

too complicated...
0
 
LVL 62

Expert Comment

by:gheist
ID: 40311516
It does not mean nobody helped you.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40314186
Split between:
Common sense - use SSH http:#a40223752
Assess network services - http:#a40225347
(by where asker gave up it should have yielded good recipe on how to secure telnet and pick connections)
0


Question has a verified solution.
