Telnet daemon retired in 3.8 ?


Matthew S Elmore
I cannot appear to locate a telnet daemon in 3.8 installs now. It
appears to have silently disappeared between 3.7 and 3.8.

I see no mention of this in the release notes or after a cursory search
of the mailing lists. It's possible it is mentioned somewhere and I am
missing it.

I understand the advantages of ssh over telnet, but telnet is still
heavily used in many environments.

Is it merely hiding somewhere or can someone recommend an alternative
for me?

Regards,
Matt


Re: Telnet daemon retired in 3.8 ?

J.D. Bronson
At 05:28 PM 11/7/2005, Matthew S Elmore wrote:

>I cannot appear to locate a telnet daemon in 3.8 installs now. It
>appears to have silently disappeared between 3.7 and 3.8.
>
>I see no mention of this in the release notes or after a cursory
>search of the mailing lists. It's possible it is mentioned somewhere
>and I am missing it.
>
>I understand the advantages of ssh over telnet, but telnet is still
>heavily used in many environments.
>
>Is it merely hiding somewhere or can someone recommend an alternative for me?
>
>Regards,
>Matt
>

I noticed the same thing.....I used to use telnet via the LAN and ssh
via the WAN...and now run ssh on both. Thanks to a tip from this
list, I used different configs..on the LAN, I use passwords, so ssh
works very much like telnetd and on the WAN, I only permit publickeys
for security.

HTH.

-JD
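
A split policy like the one described in this message, written as an added example (not J.D. Bronson's actual configuration, which the post does not show): one sshd_config that requires public keys by default and permits passwords only from the LAN. The 192.168.1.0/24 range is an assumed LAN address block, and the `Match` keyword needs an OpenSSH release that supports it.

```conf
# /etc/ssh/sshd_config -- added example, not from the original thread.

# Default policy (applies to WAN clients): public keys only.
PubkeyAuthentication yes
PasswordAuthentication no
# Keyboard-interactive can also prompt for a password, so disable it too
# (older releases use ChallengeResponseAuthentication for this).
KbdInteractiveAuthentication no

# LAN clients: additionally allow passwords, so ssh behaves much like
# telnetd did for users, but over an encrypted channel.
# 192.168.1.0/24 is an assumed LAN range; substitute your own.
Match Address 192.168.1.0/24
    PasswordAuthentication yes
```

Running `sshd -t` checks the file for syntax errors before the daemon is restarted.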


Re: Telnet daemon retired in 3.8 ?

Jason Crawford
In reply to this post by Matthew S Elmore
telnetd was completely removed from the source tree around the end of May,
soon after 3.7 was released. As far as an alternative, why does sshd not
work? There are ssh daemons for almost all other operating systems, unless
maybe you're using OpenVMS or Plan9 (although I think there is at least one
for those as well, just not OpenSSH).

On 11/7/05, Matthew S Elmore <[hidden email]> wrote:

>
> I cannot appear to locate a telnet daemon in 3.8 installs now. It
> appears to have silently disappeared between 3.7 and 3.8.
>
> I see no mention of this in the release notes or after a cursory search
> of the mailing lists. It's possible it is mentioned somewhere and I am
> missing it.
>
> I understand the advantages of ssh over telnet, but telnet is still
> heavily used in many environments.
>
> Is it merely hiding somewhere or can someone recommend an alternative
> for me?
>
> Regards,
> Matt


Re: Telnet daemon retired in 3.8 ?

Ioan Nemes
In reply to this post by Matthew S Elmore
It is not the question of sshd works or not!  In large environments,
where you have a large number of legacy hardware (like Apollo 700,
HP 3000, HP 7000, Solaris 2.5.1 etc., etc.), and the purpose of a UNIX
box is other than to run a firewall, a webserver, mail-server, or MySQL,
plus you have thousand + users, and clients (internal/external on
different client platforms), yes it is bad not to have telnetd running.
Matthew is quite right, telnet is live and will be for very long time.
It was a bad choice to be removed from the source tree.  You reduce
your options.

Above, I am not arguing pro/contra telnetd, or sshd!

Ioan


>>> Jason Crawford <[hidden email]> 08/11/2005 11:55:55 am >>>
telnetd was completely removed from the source tree around the end of May,
soon after 3.7 was released. As far as an alternative, why does sshd not
work? There are ssh daemons for almost all other operating systems, unless
maybe you're using OpenVMS or Plan9 (although I think there is at least one
for those as well, just not OpenSSH).

On 11/7/05, Matthew S Elmore <[hidden email]> wrote:
>
> I cannot appear to locate a telnet daemon in 3.8 installs now. It
> appears to have silently disappeared between 3.7 and 3.8.
>
> I see no mention of this in the release notes or after a cursory search
> of the mailing lists. It's possible it is mentioned somewhere and I am
> missing it.
>
> I understand the advantages of ssh over telnet, but telnet is still
> heavily used in many environments.
>
> Is it merely hiding somewhere or can someone recommend an alternative
> for me?
>
> Regards,
> Matt


Re: Telnet daemon retired in 3.8 ?

Carson Harding
On Tue, Nov 08, 2005 at 12:47:18PM +1100, Ioan Nemes wrote:

> It is not the question of sshd works or not!  In large environments,
> where you have a large number of legacy hardware (like Apollo 700,
> HP 3000, HP 7000, Solaris 2.5.1 etc., etc.), and the purpose of a UNIX
> box is other than to run a firewall, a webserver, mail-server, or MySQL,
> plus you have thousand + users, and clients (internal/external on
> different client platforms), yes it is bad not to have telnetd running.
> Matthew is quite right, telnet is live and will be for very long time.
> It was a bad choice to be removed from the source tree.  You reduce
> your options.

[snip]

telnetd (note the 'd') was removed. telnet is still there. you can
telnet to your old systems. just use ssh to get to your openbsd
systems. or am I misunderstanding the problem?

-- Carson Harding - harding (at) motd (dot) ca


Re: Telnet daemon retired in 3.8 ?

STeve Andre'
In reply to this post by Ioan Nemes
On Monday 07 November 2005 20:47, Ioan Nemes wrote:

> It is not the question of sshd works or not!  In large environments,
> where you have a large number of legacy hardware (like Apollo 700,
> HP 3000, HP 7000, Solaris 2.5.1 etc., etc.), and the purpose of a UNIX
> box is other than to run a firewall, a webserver, mail-server, or MySQL,
> plus you have thousand + users, and clients (internal/external on
> different client platforms), yes it is bad not to have telnetd running.
> Matthew is quite right, telnet is live and will be for very long time.
> It was a bad choice to be removed from the source tree.  You reduce
> your options.
>
> Above, I am not arguing pro/contra telnetd, or sshd!
>
> Ioan
[snip]

If you *really* need telnetd, you could always go to the attic and
pull it out.  Or get it from your 3.7 CD and figure out how to build
it.

I fail to see why you need it, however.  You can still telnet from
OpenBSD to your legacy systems, so that isn't dead.  What *is*
dead is the idea of encouraging client systems to telnet to a
modern host.  I applaud this, as I did when rlogind went away.

Telnet needs to die.  If no one will take the stance of getting
rid of it, how will it ever end?

--STeve Andre'


Re: Telnet daemon retired in 3.8 ?

Lars Hansson
In reply to this post by Ioan Nemes
On Tue, 08 Nov 2005 12:47:18 +1100
"Ioan Nemes" <[hidden email]> wrote:

> Above, I am not arguing pro/contra telnetd, or sshd!

I don't see the problem. The "telnet" command is still there, it's only
telnetd that's gone.

---
Lars Hansson


Re: Telnet daemon retired in 3.8 ?

Daniel Ouellet
In reply to this post by Matthew S Elmore
Matthew S Elmore wrote:
> I cannot appear to locate a telnet daemon in 3.8 installs now. It
> appears to have silently disappeared between 3.7 and 3.8.

Not really silently, but not with huge party either.

http://marc.theaimsgroup.com/?l=openbsd-cvs&m=111700017509177&w=2

I know it was announced as well, can't put my finger right away on the
article, but definitely it was talked about and said to be gone.

A good thing really!


Re: Telnet daemon retired in 3.8 ?

Jason Crawford
In reply to this post by Matthew S Elmore
Well, the parent poster asked for an alternative, so I said sshd. If he
wanted telnetd, then he wouldn't ask for an alternative, very simple. And
you act as if I had anything to do with telnetd being removed. I have
nothing to do about anything OpenBSD does, short of maybe helping to fix a
bug or two I might happen to find. You don't like telnetd being gone, use
another OS or just use an alternative, like the parent poster asked about in
his first email (sshd).

On 11/7/05, Ioan Nemes <[hidden email]> wrote:

>
> It is not the question of sshd works or not! In large environments,
> where you have a large number of legacy hardware (like Apollo 700,
> HP 3000, HP 7000, Solaris 2.5.1 etc., etc.), and the purpose of a UNIX
> box is other than to run a firewall, a webserver, mail-server, or MySQL,
> plus you have thousand + users, and clients (internal/external on
> different client platforms), yes it is bad not to have telnetd running.
> Matthew is quite right, telnet is live and will be for very long time.
> It was a bad choice to be removed from the source tree. You reduce
> your options.
>
> Above, I am not arguing pro/contra telnetd, or sshd!
>
> Ioan
>
>
> >>> Jason Crawford <[hidden email]> 08/11/2005 11:55:55 am >>>
> telnetd was completely removed from the source tree around the end of May,
> soon after 3.7 was released. As far as an alternative, why does sshd not
> work? There are ssh daemons for almost all other operating systems, unless
> maybe you're using OpenVMS or Plan9 (although I think there is at least one
> for those as well, just not OpenSSH).
>
> On 11/7/05, Matthew S Elmore <[hidden email]> wrote:
> >
> > I cannot appear to locate a telnet daemon in 3.8 installs now. It
> > appears to have silently disappeared between 3.7 and 3.8.
> >
> > I see no mention of this in the release notes or after a cursory search
> > of the mailing lists. It's possible it is mentioned somewhere and I am
> > missing it.
> >
> > I understand the advantages of ssh over telnet, but telnet is still
> > heavily used in many environments.
> >
> > Is it merely hiding somewhere or can someone recommend an alternative
> > for me?
> >
> > Regards,
> > Matt


Re: Telnet daemon retired in 3.8 ?

Damien Miller
In reply to this post by Ioan Nemes
On Tue, 8 Nov 2005, Ioan Nemes wrote:

> It in not the question of sshd works or, not!  In large environments,
> where you have a large number of legacy hardware (like Apollo 700,
> HP 3000, HP 7000, Solaris 2.5.1 etc., etc.),

You can compile portable OpenSSH (or another ssh client) on most of these.

> It was a bad choice to be removed from the source tree.  You reduce your
> options.

You reduce your options by not granting superuser privileges to regular
users too. Reducing options is a good thing when the options you reduce
are DUMB.

-d


Re: Telnet daemon retired in 3.8 ?

Shawn K. Quinn
In reply to this post by Matthew S Elmore
On Mon, 2005-11-07 at 17:28 -0600, Matthew S Elmore wrote:
> I understand the advantages of ssh over telnet, but telnet is still
> heavily used in many environments.

Telnet is a horribly insecure protocol subject to at least two attacks
by third parties with access to any part of the network between the two
hosts. Thus, telnetd is gone for a damn good reason, that being that
it's a turd that has no place in a "secure by default" OS.

If you absolutely must have telnetd, I guess you can compile it from the
source in 3.7, but please, you should be fully aware that this opens up
security holes big enough that a tank can be driven through without the
appropriate countermeasures; at a minimum, you should use one-time
passwords (S/Key) to make password sniffing useless, and only allow
telnet connections from networks where you know for sure nobody with
root access will try to hijack or eavesdrop on connections (such as a
LAN where either you are the sole admin or you know and trust the other
admins).

--
Shawn K. Quinn <[hidden email]>


Re: Telnet daemon retired in 3.8 ?

Blake Darche
If you really need telnetd that badly, you could just run netcat with
a listener on port 23 (nc -l 23). It would be about as secure as
telnet ever was...


Re: Telnet daemon retired in 3.8 ?

Xavier Beaudouin
In reply to this post by Shawn K. Quinn
Shawn K. Quinn wrote:

> On Mon, 2005-11-07 at 17:28 -0600, Matthew S Elmore wrote:
>
>>I understand the advantages of ssh over telnet, but telnet is still
>>heavily used in many environments.
>
>
> Telnet is a horribly insecure protocol subject to at least two attacks
> by third parties with access to any part of the network between the two
> hosts. Thus, telnetd is gone for a damn good reason, that being that
> it's a turd that has no place in a "secure by default" OS.


Maybe someone can make a port for insecure identification for secured
system with telnetd.

Personally I haven't used telnetd for ages, especially on systems that are
security based...

The same goes for rexecd / rshd.... :p

/Xavier


Re: Telnet daemon retired in 3.8 ?

Stuart Henderson
In reply to this post by Blake Darche
On 2005/11/08 02:58:42, Blake Darche wrote:
> If you really need telnetd that badly, you could just run netcat with
> a listener on port 23 (nc -l 23). It would be about as secure as
> telnet ever was...

More modern telnet wasn't *quite* that bad..still, better avoided.

How about having telnet users connect to a gateway box, telnet in
and ssh out, to cater for 'legacy users'? Should be sufficiently
annoying that people who *can* ssh directly, do. And still leaves
a method for old users to continue.

Just call the command 'connect' or something, so the users don't get
the wrong idea about security ...


Re: Telnet daemon retired in 3.8 ?

Nick Holland
In reply to this post by Xavier Beaudouin
Xavier Beaudouin wrote:
...
> Personally I haven't used telnetd for ages, especially on systems that are
> security based...

there's a point.
You use OpenBSD for security.
Then you do horribly insecure things to access it.
huh?

Nick.


Re: Telnet daemon retired in 3.8 ?

Matthew S Elmore
In reply to this post by Matthew S Elmore
Martin,

That's what I was looking for. Many thanks! :)

Matt

Martin Ekendahl wrote:

> http://www.gnu.org/software/inetutils/inetutils.html
>
> Download that and just compile the telnet server
>
> Ta Da!
>
> -Martin
>
> Matthew S Elmore wrote:
>> I cannot appear to locate a telnet daemon in 3.8 installs now. It
>> appears to have silently disappeared between 3.7 and 3.8.
>>
>> I see no mention of this in the release notes or after a cursory
>> search of the mailing lists. It's possible it is mentioned somewhere
>> and I am missing it.
>>
>> I understand the advantages of ssh over telnet, but telnet is still
>> heavily used in many environments.
>>
>> Is it merely hiding somewhere or can someone recommend an alternative
>> for me?
>>
>> Regards,
>> Matt


Re: Telnet daemon retired in 3.8 ?

Tobias Weingartner-2
In reply to this post by Shawn K. Quinn
On Tuesday, November 8, "Shawn K. Quinn" wrote:
>
> Telnet is a horribly insecure protocol subject to at least two attacks
> by third parties with access to any part of the network between the two
> hosts. Thus, telnetd is gone for a damn good reason, that being that
> it's a turd that has no place in a "secure by default" OS.

nc(1) is an option...

> If you absolutely must have telnetd, I guess you can compile it from the
> source in 3.7, but please, you should be fully aware that this opens up
> security holes big enough that a tank can be driven through without the
> appropriate countermeasures; at a minimum, you should use one-time
> passwords (S/Key) to make password sniffing useless, and only allow
> telnet connections from networks where you know for sure nobody with
> root access will try to hijack or eavesdrop on connections (such as a
> LAN where either you are the sole admin or you know and trust the other
> admins).

Or tunnel it... oh, say through ssh?  :) :) :)

--Toby.


Re: Telnet daemon retired in 3.8 ?

Luís Bruno-2
In reply to this post by Shawn K. Quinn
Shawn K. Quinn wrote:
> only telnet connections from networks where you know for sure nobody with
> root access will try to hijack or eavesdrop on connections (such as a
> LAN where either you are the sole admin or you know and trust the other
> admins).

And where other people can't connect their own devices, for example;
here at my school at the computer lab, that's not the reality.

So I bring my own laptop and I ssh everywhere.

Cheers!
--
2a) Do not skimp on the hardware you standardize on. Easy-to-maintain
systems designed for corporate and government environments (like Dell
Optiplex systems) are worth the money you spend on them.
        -- Christian Wagner's Tips


Re: Telnet daemon retired in 3.8 ?

Xavier Beaudouin
In reply to this post by Nick Holland
> Xavier Beaudouin wrote:
> ...
>> Personally I haven't used telnetd for ages, especially on systems that are
>> security based...
>
> there's a point.
> You use OpenBSD for security.
> Then you do horribly insecure things to access it.
> huh?

I haven't used telnetd for ages. I am not bothered about the removal of
telnetd in 3.8...

It is just to help people that complain about the fact telnetd was
removed, that a simple port for telnetd may help those people that use
legacy methods to connect.

/Xavier

--
If you keep trying, you eventually succeed. So the more it fails,
the better the chance that it will work...
(Shadok proverb)


Re: Telnet daemon retired in 3.8 ?

Peter J. Philipp
In reply to this post by Nick Holland
On Tue, Nov 08, 2005 at 07:05:24AM -0500, Nick Holland wrote:
> there's a point.
> You use OpenBSD for security.
> Then you do horribly insecure things to access it.
> huh?
>
> Nick.

Yeah using telnet these days is not a good idea.  

General Question:  Anyone bored and got nothing to do?  Then perhaps
replace the S/Key example in the FAQ where someone telnets into an OpenBSD
box and is challenged with S/Key.  Perhaps replacing the telnet session with
an SSH session would be appropriate.

http://www.openbsd.org/faq/faq8.html#SKey

Regards,

-peter
