On Fri, 2004-09-24 at 18:35, Dale Amon wrote: > On Sat, Sep 25, 2004 at 08:28:13AM +1000, Matthew Palmer wrote: > > Cisco gear contains the Debian telnetd? And if that's true, how would us > > releasing a DSA for it necessarily help all the Cisco routers out there. > > We're not talking about the general intelligence of using telnet (or, at > > least, that wasn't the initial topic of discussion), but rather the > > possibility of fixing security problems in the stock telnetd in Debian. > > The question asked was "why is anyone still using telnet > when there is ssh". And I would say that Cisco and some > other gear are about the only reasons why anyone would > still make a connection with the telnet protocol (other > than for testing odd things... I used to use 'telnet foo 110' > to hand test my company pop server when someone had problems. I totally agree that ssh should definately be used if available, but telnetd has saved me more than once. For example, I am responsible for maintaining machines all over the world, and telnet will allow me to login more quickly than ssh if the machine is under some extremely high load and is about to crash without intervention. I've also had some twit administrator change the permissions on an ssh directory, or run ssh-keygen without thinking, and as a result I'm unable to connect via ssh. telnet is all that saved me from waking somebody up at 3am to get access to a machine in another country. In addition, some machines I maintain are rather old, and the load caused by ssh has become a concern on these machines. Also, you try finding ssh-client rpms for Redhat Manhattan (5.0) which will properly and reliably communicate with any recent version of sshd. (Note that in all these examples I've been telnet'ing over a private frame connection or VPN). > So no, I was not replying about Debian fixes, I was replying > to the general question of 'why telnet at all'.
Attachment:
signature.asc
Description: This is a digitally signed message part