I posted a question in the other UNIX section here about how to enable remote root login for telnet. (It was for FreeBSD, which by default does not allow that.) As I expected, the replies I got indicated the use of telnet was a security risk and should be avoided. I totally agree with that. I've tried it before, to no avail, but I'd be willing to try again to convince my boss to disable telnet on our UNIX machines and force the Windows users that need access to them to use ssh (e.g. putty) instead.
I need your help building an argument for this purpose. The main point I'm going to emphasize is that telnet passes authentication information in plain text so simple network sniffing can steal our sensitive personal information easily. It is even worse if the remote root login via telnet is allowed - we're basically opening the backdoor of our house, inviting anyone to come in freely.
To that, the IT will probably come back saying it should not be a big deal because we're behind a corporate firewall. I would say that's BS because (1) no firewall is perfect, and (2) we allow outside connections via VPN, which means if one regular user gets his login information stolen, then it won't be hard for the cracker to connect to our corporate network from the outside world and do the sniffing to catch the root account information. That's too big of a chance to take IMO.
Do you guys have any other points that would help strengthen my argument against the use of telnet? If you do, I'd much appreciate your sharing it with me. Also, if I'm wrong on anything that I've written above, I'd appreciate your corrections.
as far as plaintext and all, it's something i see vast amounts of on a daily basis, but then we also have plaintext credit card numbers flying around our LAN, and hosted WAN come to that... so with the ability to get 30,000 credit card numbers in a single day's sniffing, passwords would come a long way down the list!
What you want to do is totally honourable, but within the "real world" view people love to take, it's not likely. and no, it's not likely that it will ever be exploited, so you're left having to play on the "what if" factor, cos you can bet if it ever did get exploited, the network and server admins' feet wouldn't touch the ground, yours included. tough call for sure. something i'm certainly trying to enforce. conveniently for me though, i firewall just about everything in sight with a network topology designed with that in mind, and anything involving port 23 just gets rejected...
My boss somewhat proved your point. He replied to my short mail that told him I *might* give him an "official suggestion" to streamline our remote connection software to ssh (i.e. get rid of telnet). He basically says it's not going to happen.
but I'd be willing to try again to convince my boss to disable telnet on our UNIX machines and force the Windows users that need access to them to use ssh (e.g. putty) instead.
How are the UNIX users going to connect to the Windows boxes though? It'd have to be telnet or a Terminal Server client, and the latter means mandatory Xorg, something many UNIX admins like to avoid, if possible, especially on servers.
In a mixed environment there's still some need for telnet. [begin rant] I'd say complain to Bill Gates about it but Microsoft has moved way past the "respond to customer's needs" phase of the corporate lifecycle. They're now in the "government approved monopoly" phase. So they don't need our money or opinions anymore. The bankers have everything they need and the Fed will print more if they run out. Even if no one ever bought another copy of Windows they'd keep growing through mergers and acquisitions (buying up other companies.) Why waste your breath then? It'd just be a lesson in futility... [end rant]
How are the UNIX users going to connect to the Windows boxes though? It'd have to be telnet or a Terminal Server client, and the latter means mandatory Xorg, something many UNIX admins like to avoid, if possible, especially on servers.
Hi Crito.
Almost all our engineers use Windows. Only two of us, including myself, use Linux on our desktop computers. Our UNIX machines are kept in the server room. The engineers access them via telnet/ssh in order to build/debug/test the *NIX versions of our products.
We do have centralized Windows boxes for testing, too. The Windows users access them via Remote Desktop. When us Linux guys need access to them, we'll use rdesktop.
How are the UNIX users going to connect to the Windows boxes though? It'd have to be telnet or a Terminal Server client, and the latter means mandatory Xorg, something many UNIX admins like to avoid, if possible, especially on servers.
what's wrong with just running ssh under windows? hardly taxing...
I'm seeing unsecure services being phased out from many companies' networks for at least two reasons: vulnerabilities and SOX (or similar) compliance auditing.
Maybe the latter reason will help convince your boss to change his mind as Telnet and FTP are obviously in violation of these regulations.
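An added example, not part of any post in this thread: one way to inventory the cleartext-login listeners (telnet and FTP) that such an audit would ask about, by parsing `ss -tlnH` output and separating loopback-only sockets from network-exposed ones. The function names and the sample lines are constructed for illustration, and identifying a service by its standard port (23, 21) is an assumption.

```shell
#!/bin/sh
# Flag listening sockets for cleartext-login services (telnet 23, FTP 21).
# Input: lines in `ss -tlnH` format on stdin.
# Output: one "service scope local-address" line per finding.
find_cleartext_listeners() {
    awk '
    {
        local_addr = $4                  # 4th column: Local Address:Port
        n = split(local_addr, parts, ":")
        port = parts[n]                  # port is the text after the last colon
        host = substr(local_addr, 1, length(local_addr) - length(port) - 1)
        # Assumption: the service is identified by its standard port only.
        if (port == "23")      svc = "telnet"
        else if (port == "21") svc = "ftp"
        else next
        # Loopback-only listeners are not reachable from the network.
        scope = (host ~ /^127\./ || host == "[::1]") ? "loopback" : "exposed"
        print svc, scope, local_addr
    }'
}

# Count only the findings that are reachable from the network.
count_exposed() {
    find_cleartext_listeners | awk '$2 == "exposed"' | wc -l | tr -d ' '
}

# Constructed sample input (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:23 0.0.0.0:*
LISTEN 0 32 127.0.0.1:21 0.0.0.0:*
LISTEN 0 128 [::]:23 [::]:*
LISTEN 0 128 192.0.2.10:8023 0.0.0.0:*
EOF
}

# Demo on the sample; on a live host use: ss -tlnH | find_cleartext_listeners
sample_ss_output | find_cleartext_listeners
```

A service moved to a non-standard port (the 8023 line in the sample) is not flagged, so a port-based inventory is a lower bound on what is actually running.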
My boss somewhat proved your point. He replied to my short mail that told him I *might* give him an "official suggestion" to streamline our remote connection software to ssh (i.e. get rid of telnet). He basically says it's not going to happen.
Oh well.
At this point, I'd suggest you drop it. It's frustrating, I know, but that's the way the telnet crumbles.
We once put up a simple GUI based encrypted method to allow one of our customers to transfer their nightly data. They rejected the encryption part of it and we had to remove it. Go figure!
At this point, I'd suggest you drop it. It's frustrating, I know, but that's the way the telnet crumbles.
I agree. I'm getting really frustrated over this already. To me, it's a no-brainer. I just don't understand why my boss is so adamant about keeping telnet alive, except if he simply wants to keep using his telnet software on Windows.