[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: telnetd vulnerability from BUGTRAQ

On Fri, 2004-09-24 at 18:35, Dale Amon wrote:
> On Sat, Sep 25, 2004 at 08:28:13AM +1000, Matthew Palmer wrote:
> > Cisco gear contains the Debian telnetd?  And if that's true, how would us
> > releasing a DSA for it necessarily help all the Cisco routers out there.
> > We're not talking about the general intelligence of using telnet (or, at
> > least, that wasn't the initial topic of discussion), but rather the
> > possibility of fixing security problems in the stock telnetd in Debian.
> The question asked was "why is anyone still using telnet
> when there is ssh". And I would say that Cisco and some
> other gear are about the only reasons why anyone would
> still make a connection with the telnet protocol (other
> than for testing odd things... I used to use 'telnet foo 110'
> to hand test my company pop server when someone had problems.

I totally agree that ssh should definately be used if available, but
telnetd has saved me more than once.

For example, I am responsible for maintaining machines all over the
world, and telnet will allow me to login more quickly than ssh if the
machine is under some extremely high load and is about to crash without

I've also had some twit administrator change the permissions on an ssh
directory, or run ssh-keygen without thinking, and as a result I'm
unable to connect via ssh. telnet is all that saved me from waking
somebody up at 3am to get access to a machine in another country.

In addition, some machines I maintain are rather old, and the load
caused by ssh has become a concern on these machines. Also, you try
finding ssh-client rpms for Redhat Manhattan (5.0) which will properly
and reliably communicate with any recent version of sshd.

(Note that in all these examples I've been telnet'ing over a private
frame connection or VPN).

> So no, I was not replying about Debian fixes, I was replying
> to the general question of 'why telnet at all'.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: