LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (http://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   remote telnet without password (http://www.linuxquestions.org/questions/linux-newbie-8/remote-telnet-without-password-602707/)

shipon_97 11-27-2007 05:50 AM

remote telnet without password
 
Dear friends ,

I want to telnet another server without pressing any "username" and "password" .

I can ftp to another server using following cpmmand :

lflt root:passwd@192.168.10. << !

Like the above way, can I telnet remote server ? If it is possible , then plz help me .. ...

matthewg42 11-27-2007 06:28 AM

You can use ssh instead of telnet, and configure public key authentication. That is the "proper" way to do it.

If you want to incur the wrath of all self-respecting nerds who care about security (and all nerds should care about security), you can write a small script using expect to automate telnet logins and then pass control back to the user.

A typical expect script would look something like this:
Code:

#!/usr/bin/expect

spawn "telnet" "the.host.machine"

expect "Login:"
send "youruser\r"
expect "Password:"
send "yourpassword\r"
expect "Login successful"
interact

There are two main problems with this approach:
  • telnet send the login credentials un-encrypted, so anyone who can see network traffic along the route to the remote host can sniff your password with minimal effort. For this reason, telnet should really be avoided whenever possible.
  • you have to store the username and password in a script. This might seem like no big deal, but it is. Firstly it's a security risk. That password is written to the drive. Someone may get access to the file and read it, or they may get hold of the disk after it is decommissioned, and get the password, even if the drive has been wiped - it is still possible to recover data from "deleted" disks a lot of the time...
    A more immediate problem is maintainability. If you write one script to do this, you will probably write another. And another. Sooner or later you end up with dozens of scripts, scattered all over the place, and then... you need to change your password and it is a nightmare to update everything.

So my advice is do not use expect/telnet. Not that I expect you follow this advice (get it? expect? -nevermind)...

b0uncer 11-27-2007 07:43 AM

I agree, and advice you to stay out of telnet when possible, and moreover never store/write your username/passwords in cleartext to any files nor commands. If it was ok, your Linux would never hide the password you are typing, your Windows would never print asterisks when you're typing a password, and we wouldn't need ssh nor public key authentication.

So, shortly said:
- telnet is easy, but so is ssh - just as easy
- telnet is convenient, you don't need any fancy public keys generated! And anybody who wants can capture the packets you send/receive, and see everything in plain text, your passwords and all
- expect is nice, you can automate your logins - and basically hand over your login information to anyone who is able to break into your account (or in telnet's case just capture the packages with any one of the simple tools freely available on the net, possibly preinstalled on their OS too)
- if you have no valuable information to exchange, you don't need to connect to the other end
- if you do connect to the other end, you have some valuable information you'd like to send or receive, and you wouldn't want everybody to be able to do that; this is why you want to secure the connection, and not use the most unsecure options available
- after configuring ssh it's just as easy to use as telnet (or anything), so there is no sane reason not to do it

matthewg42 11-27-2007 09:07 AM

Quote:

Originally Posted by b0uncer (Post 2972170)
- after configuring ssh it's just as easy to use as telnet (or anything), so there is no sane reason not to do it

You're quite right, and yet so many people are reluctant to use it for some reason. I think the usual reason for this is that they are not the admin on one or both machines, and think that if they ask for ssh or sshd to be installed it will be too much hassle.

The failure of understanding in this case is how much hassle it will be to get another job when their shortcut leads to a security compromise...

blueCow 11-27-2007 04:35 PM

I cannot believe anyone is still using telnet. For one, its not enabled by default on any modern system anymore. So you have to be savvy enough to edit your inetd.conf to enable it. If you know this much you should definitely be using openssh (or the ssh server of your choice). If typing passwords is not your thing, setting up public key authentication is ridiculously easy. It's a total of 7-8 commands.


All times are GMT -5. The time now is 12:27 AM.