
Re: Telnet



On Sun, 3 Dec 2023, Greg Wooledge wrote:

On Sun, Dec 03, 2023 at 11:52:51AM -0700, Charles Curley wrote:

True. None the less, there is at least one perfectly good use for
telnet: testing connections to servers.

charles@hawk:~$ telnet hawk
Trying 127.0.1.1...
telnet: Unable to connect to remote host: Connection refused
charles@hawk:~$ telnet hawk 80
Trying 127.0.1.1...
Connected to hawk.localdomain.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
charles@hawk:~$

Yes, there is plenty of use for the telnet *client*.  Nobody disputes this.

The question is whether anyone should be running a telnetd *server*.
On an isolated network, it might be acceptable.  But it's really a bad
habit that should be stomped out aggressively, as machines which are
currently on an isolated network might not remain there forever.



Agree with all of the above. However, the OP was connecting to what
looks like a router address. It's possibly hardware that cannot be
updated, only replaced. (And I'm not sure, therefore, if this is a
Debian question at all.)

I have some (post 2020) motherboards whose IPMI does not work with JVM
post stretch, nor Firefox post buster. So I have to keep an old setup
around.

You should never put these sorts of devices on the internet anyway. It
might be *nice* if we didn't have to use old 'insecure' protocols but
it's not *insecure* to do so. The IPMI in question are only accessible
via physical access (so network encryption is hardly helpful) or VPN
(which is kept up to date)

It has frustrated me that the browser writers have refused to
distinguish between RFC 1918 (and equivalent IPv6) addresses and
publicly routable addresses when it comes to warnings and refusals to
connect.

Some years ago I abandoned Firefox because there was no way to override
one of its 'I'm sorry Dave, I'm afraid I can't do that' spasms.

It's crazy that they make things like certificate pinning *impossible*
to override. Another one that bit me - again hardware where the only way
to use HTTPS was to have it generate its own self-signed certificate
that expired after a year. You can 'work around' but it's *expensive*
the first time you hit it as you end up losing other config. Sure, the
hardware was buggy...

