Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
09-01-2017, 02:21 PM
|
#1
|
Member
Registered: Oct 2004
Distribution: Debian/Ubuntu, Arch, Gentoo, Void
Posts: 140
Rep:
|
Does there remain even a small niche for telnet in the 21st century?
Ok, everyone knows how insecure telnet is. At least everyone who has been alive and involved with computers since the dawn of the 21st century. Its weaknesses are well known, and it has been consigned to near oblivion as a result. I know this, you know this, we all know this. And we all use ssh with key pairs when we need to initiate remote sessions over an internet connection as a result. Case closed.
But telnet remains around. It's available in Arch repositories, for example, and in Void's too. Probably all major Debian derivatives include it too (it's in the repositories for Ubuntu 14.04--the only Debian variant to which I have access at the moment). So it's still being used. I believe I've used it within the last 5 years for some sort of openwrt router administration tasks, for example. So there is a very limited range of scenarios in which telnet remains an appropriate tool: based on recent personal experience, one such use scenario is within the confines of a private LAN.
Which gets me thinking. I regularly need to access consoles on machines on my local LAN, and I'm not sure the added bother of using ssh authentication and private keys is justified for such a scenario. So I've begun considering whether telnet might not be a viable option for initiating remote shell sessions within this sheltered environment. It could be less complex than using ssh for that, since I could script some way of sending credentials. Heck, I could even make new accounts with new credentials and limited privileges on those machines, and use su to access a more privileged account once logged in there.
So, what are the hazards in such a scenario? Log-in credentials appearing in bash history is one. That could be a problem if someone were to gain physical access to a machine located in my domicile. Ok. I suppose another possible hazard would be someone penetrating my firewall and getting onto my LAN and snooping traffic there--another means by which credentials could be pilfered and other traffic captured. Or, someone local might defeat my wifi network's WPA encryption and similarly snoop traffic and pilfer telnet credentials and traffic. Those are the possible hazards I can think of.
What are some others? What other good reasons should I take into consideration for not running telnet on my private LAN in order to establish shell sessions between my local hosts? Input will be appreciated.
Last edited by jamtat; 09-01-2017 at 05:41 PM.
|
|
|
09-01-2017, 03:39 PM
|
#2
|
Moderator
Registered: Mar 2008
Posts: 22,144
|
We run in on a lan that has no outside access on some older QNX systems. It was easier to isolate the lan then to try to redo everything.
Is telnet less than secure on a home lan? Well, maybe. The question may be how well the lan is secure by some UTM device or firewall. If you have left your lan vulnerable and most do then telnet is much more easily attacked. There are ways to minimize risk and that is all you really can do in every situation. Your risk level is the question here.
|
|
|
09-01-2017, 03:41 PM
|
#3
|
LQ Guru
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS, Manjaro
Posts: 5,954
|
There are a few. Telnet console access from virtual host to guest is one, I also use the telnet protocol to for BBS access over internet, lthough that COULD be piped over SSH or an SSL tunnel. Also, maintaining ancient legacy servers that do nto support newer protocols.
I use the telnet CLIENT often, but use of telnet SERVER is pretty rare. There are some special cases where security just does not matter much.
|
|
|
09-05-2017, 06:37 AM
|
#4
|
LQ Newbie
Registered: Feb 2016
Posts: 11
Rep:
|
I often use telnet to communicate with my virtual machines, if you don't care about the security then go ahead.
|
|
|
09-05-2017, 07:46 AM
|
#5
|
LQ Guru
Registered: Oct 2003
Location: Bonaire, Leeuwarden
Distribution: Debian /Jessie/Stretch/Sid, Linux Mint DE
Posts: 5,195
|
I wouldn't want to miss telnet if I have to test a connection. Telnetting to port 80, 25, 443, 587, 110 or 3389 shows me if there is "something" on the other side and if it is responding.
I do hope any further communication fails because of security, but to see there is a server alive on the other side is darned useful. It is better than a port scan, because a port scan shows a listening port, but it does not show if there is a responding server behind.
jlinkels
|
|
|
09-05-2017, 08:40 AM
|
#6
|
LQ Veteran
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 21,267
|
x3270 - been a while since I needed it, but was certainly this century.
|
|
|
09-05-2017, 09:02 AM
|
#7
|
LQ Veteran
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Rep:
|
You had me at EHLO ?
|
|
2 members found this post helpful.
|
All times are GMT -5. The time now is 10:23 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|