On Sun, 3 Dec 2023, Greg Wooledge wrote:
On Sun, Dec 03, 2023 at 11:52:51AM -0700, Charles Curley wrote:True. None the less, there is at least one perfectly good use for telnet: testing connections to servers. charles@hawk:~$ telnet hawk Trying 127.0.1.1... telnet: Unable to connect to remote host: Connection refused charles@hawk:~$ telnet hawk 80 Trying 127.0.1.1... Connected to hawk.localdomain. Escape character is '^]'. ^] telnet> quit Connection closed. charles@hawk:~$Yes, there is plenty of use for the telnet *client*. Nobody disputes this. The question is whether anyone should be running a telnetd *server*. On an isolated network, it might be acceptable. But it's really a bad habit that should be stomped out aggressively, as machines which are currently on an isolated network might not remain there forever.
Agree with all of the above. However, the op was connecting to what looks like a router address. It's possibly hardware that cannot be updated, only replaced. (and I'm not sure, therefore, if this is a debian question at all) I have some (post 2020) motherboards whose ipmi does not work with jvm post stretch, nor firefox post buster. So I have to keep an old setup around. You should never put these sorts of devices on the internet anyway. It might be *nice* if we didn't have to use old 'insecure' protocols but it's not *insecure* to do so. The IPMI in question are only accessible via physical access (so network encryption is hardly helpful) or VPN (which is kept up to date) It has frustrated me that the browser writers have refused to distinguish between rfc1918 (and equivalent ipv6) addresses and publically routable addresses when it comes to warnings and refusals to connect. Some years ago I abandoned firefox because there was no way to override one of its 'I'm sorry Dave, I'm afraid I can't do that' spasms. It's crazy that they make things like certificate pinning *impossible* to override. Another one that bit me - again hardware where the only way to use https was to have it generate its own self signed certificate that expired after a year. You can 'work around' but it's *expensive* the first time you hit it as you end up losing other config. Sure, the hardware was buggy...