Δαφνη Ευτυχια Αρθουρος

Enh, telnet is fine if it's all internal and the network isn't open to the Internet. Or if it's Kerberized/GSSAPI-ized. (that said, I almost always use ssh...)

I should have said "this terminal window" ...

Actually, I'm currently using telnet, ssh, rsh+kerberos, remote xterm, and local .. uh ... sort-of-xterm-like-thingie-called-'terminal'-in-the-Debian-app-menu -- all at the same time, to connect to different places inside and outside my house. Kerberos is a new thing for me (replacing SKey for the one site I had been using SKey to log into), and I'm still training my fingers to reach for PuTTy (SSH) instead of NetTerm (telnet) under Windows, but I have managed to acquire the habit of using SSH (and sftp) from a Linux desktop to connect to systemsoutside of my personal (NAT-hidden so far) LAN and to a couple of recently-installed boxes in the house that use distros that only answer SSH by default.

I still bump into SSH key ('certificate'?)<->IP-address issues for services (such as Panix) where their load-balancing setup means different hosts can respond each time I try to connect to the same hostname -- I've been going directly to the same host every time as a workaround (i.e. 'panix5.panix.com' instead of 'panix.com'), which won't help their load balancing if too many of their other customers do the same thing.

I still find vanilla telnet a lot faster for on-my-own-LAN connections (I suspect the problem is in the "pop up a new window for the password" feature rather than the SSH protocol itself; at some point I'll search for a way to turn that off and have the password prompt appear in the main window, to see whether my guess is right). Having belatedly gotten around to looking at Kerberos (which I'd been hearing about for ... decades?) I'm thinking that ifwhen I get around to setting it up properly throughout the house it'll be even more convenient than telnet (especially on those occasions when I want to use scp/rcp to hit directories not on the file server).

If I ever get around to getting a block of IPv6 addresses so that I can access individual machines when I'm away from home (or expose services I want to share that aren't running on the current NAT box), I'll have to tighten up security within my LAN a lot more than how I've got things set up now.

(Er ... which tangentially brings up questions of how widespread the ability to connect to remote sites via IPv6 is in the areas I'm likely to want to connect from ... but that's a whole 'nuther issue.)