# telnetd

## Atremis

Just need a little help getting telnetd running properly.  sshd is great but there are times when being able to just telnet would be helpful (e.g., travelling and no access to ssh client software, which is more frequent than you might think).

Here is what I have done so far:

```
emerge net-misc/netkit-telnetd
ln -s /usr/sbin/telnetd /etc/init.d/telnetd
rc-update add telnetd default
```

So far, still can't telnet, even to localhost.  Any ideas?

For the record, I am running the 1.2 release; everything is working w/o problems (except telnet, duh).

----------

## Naan Yaar

See this thread for telnetd.  Basically, if you:

```
emerge xinetd
rc-update add xinetd default
```

and then

```
# Write the xinetd service definition for telnet
cat > /etc/xinetd.d/telnet << END
service telnet
{
        disable         = no
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        log_on_success  += PID HOST EXIT
}
END
# Start xinetd so it picks up the new service
/etc/init.d/xinetd start
```

you should be ready to go.

I am not sure why you don't want to use ssh.  Even on Windows, the PuTTY client is very small and portable and does ssh nicely.

----------

## klieber

 *Atremis wrote:*   

> there are times when being able to just telnet would be helpful

 

Telnet is inherently insecure.  It passes all information (including usernames and passwords) over the wire in clear text.  This means it is trivial to sniff that information as it crosses any one of a number of hops along its normal journey.

Many people discount this as being one of the many things that will "never happen to me".  Then it does happen to them and they suddenly wish they took security a little more seriously...

SSH software is free and always available.  It's part of almost every *nix box that I've ever seen and PuTTY is freely available for Windows and doesn't require any special privileges (such as admin rights) to use.  You can carry it around on a floppy or burned to a CD, for that matter.

Basically, there are extremely few (I hesitate to say never, lest I draw out the pedants in the forum) cases where telnet is the only way to establish a remote connection.

I truly hope you don't learn this the hard way.

</soapbox>

--kurt

----------

## Atremis

Circlemud.  I have not yet found a way to ssh into a MUD (if it's possible, please correct me!).  For this, telnet is only used to connect to port 5000, and since no user data is transmitted (that is, no one is using telnet to connect to a shell account) then the only data a potential hacker might get would be the poor guy's character name and password  :Wink: 

The other reason is that often times I am travelling and when I need to check my mail on a PC that is not my own, an SSH client is not readily available (especially overseas!).  In any case, these instances are few and far between but still common enough that it is a genuine concern for me.  We're talking about a box that has, at most, 2 active users (myself and my father), and he will only be using SSH.  So, we're really talking about a machine that will have, maybe, a dozen brief telnet connections each year.

----------

## pjp

You don't need to run a telnet server to connect to a MUD.

 *klieber wrote:*   

> PuTTY is freely available for Windows and doesn't require any special privileges (such as admin rights) to use. You can carry it around on a floppy or burned to a CD, for that matter.

 

I'm wondering if you can run it off the CD.  If that is possible, then you've not mentioned a reason to use a telnet server.  Just a thought.

----------

## rac

 *Atremis wrote:*   

> The other reason is that often times I am travelling and when I need to check my mail [...] So, we're really talking about a machine that will have, maybe, a dozen brief telnet connections each year.

 

Just like pregnancy, it only takes once, and there are dedicated packet sniffers that specifically look for traffic into and out of telnet ports, archive them and/or mail the contents periodically to the black hat.  Would it be possible to temporarily forward your email to a webmail account or something during the time you are overseas?

I would just like to add my voice to the chorus that anything you can do to avoid installing telnetd sounds like a good idea.

----------

## Atremis

 *kanuslupus wrote:*   

> You don't need to run a telnet server to connect to a MUD.

 

No, you don't need a telnet server to connect to one, but you do need one to run the MUD itself (as in, the MUD runs on my machine).

CircleMUD accepts connections via Telnet, AFAIK.  Again, if anyone knows how to connect to a MUD using SSH, I'd really like to know.

----------

## Larz

Thanks to the posters on this forum, I was able to get ssh up and running with no problems.  Downloaded a copy of putty and can connect via NT boxes as well.

However telnet is another story.

I followed all the advice stated here (and on the referred thread).  Emerged all the necessary packages, got xinetd to start, but I receive a "connection to host lost" message when attempting to connect.

I checked --- telnet is not commented out in the services file and the xinetd.conf file looks good as well. 

Any suggestions would be appreciated

Thanks

Larz

----------

## Naan Yaar

What does your xinetd.conf file look like?  If you have "only_from" or "no_access" lines in the xinetd.conf file, they need to be set correctly to allow access.  Try doing it from the same machine by doing "telnet localhost" first.  If you have a firewall running, it could prevent access too.

----------

## Larz

Thanks for the info 

telnet to localhost works fine....

Checked out xinetd.config and sure enough the line "only_from=localhost" was there in the sample config section.  That'll teach me to keep my eyes open from now on.

Commented that line out and restarted xinetd, all is working now.

Thanks for the help...

Larz 

PS is there a real need for that line or could I just leave it commented out?

----------

## Naan Yaar

It offers you some protection from unauthorized connections (a la TCP wrappers).  Some information here.  I am sure there are other resources you'll find with a google search.

 *Larz wrote:*   

> ...
> 
> Checked out xinetd.config and sure enough the line "only_from=localhost" was there in the sample config section.  That'll teach me to keep my eyes open from now on.
> 
> Commented that line out and restarted xinetd, all is working now.
> ...

 

----------
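Added example, not part of the thread: a shell function that makes Naan Yaar's point about `only_from` concrete by reporting, for each enabled xinetd service, whether any `only_from` restriction applies once the `defaults` section of xinetd.conf is taken into account. The function name `audit_xinetd`, the sample files and the 192.0.2.0/24 range are constructed for illustration; only `=` and `+=` are modelled.

```shell
#!/bin/sh
# Added example (not from the thread). Pass xinetd.conf first so that its
# "defaults" section is read before the service files.
audit_xinetd() {
    awk '
        /^[ \t]*#/ { next }                      # a commented-out line has no effect
        $1 == "defaults" { name = "defaults"; next }
        $1 == "service"  { name = $2; next }
        $1 == "{" { enabled = 1; only = inherited; next }
        $1 == "}" {
            if (name == "defaults") inherited = only
            else if (name != "" && enabled)
                print name ": " (only == "" ? "OPEN to any host" : "only_from " only)
            name = ""; next
        }
        name != "" && match($0, /[+-]?=/) {      # attr = value, also attr=value
            op  = substr($0, RSTART, RLENGTH)
            key = substr($0, 1, RSTART - 1)
            val = substr($0, RSTART + RLENGTH)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "disable") enabled = (val != "yes")
            if (key == "only_from" && op != "-=") {   # "-=" is not modelled
                if (val == "") val = "(no hosts)"     # empty value: nobody allowed
                only = (op == "+=" && only != "") ? (only " " val) : val
            }
        }
    ' "$@"
}

# Constructed sample: the defaults section with the only_from line active and
# commented out, the telnet service as posted, and a per-service restriction.
demo() {
    d=$(mktemp -d) || return 1
    printf 'defaults\n{\n\tonly_from = localhost\n}\n'  > "$d/before.conf"
    printf 'defaults\n{\n#\tonly_from = localhost\n}\n' > "$d/after.conf"
    printf 'service telnet\n{\n\tdisable = no\n\tserver = /usr/sbin/in.telnetd\n}\n' > "$d/telnet"
    printf 'service telnet\n{\n\tdisable = no\n\tonly_from = 192.0.2.0/24\n}\n' > "$d/telnet.scoped"
    audit_xinetd "$d/before.conf" "$d/telnet"
    audit_xinetd "$d/after.conf"  "$d/telnet"
    audit_xinetd "$d/after.conf"  "$d/telnet.scoped"
    rm -rf "$d"
}
demo
```

The middle case is the state after the `defaults` line is commented out: the service is reachable from any host, and a per-service `only_from` (third case) narrows it again.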

## Kilian

 *Atremis wrote:*   

> No, you dont need a telnet server to connect to one, but you do need one to run the MUD itself (as in, the MUD runs on my machine).
> 
> CircleMUD accepts connections via Telnet, AFAIK.  Again, if anyone knows how to connect to a MUD using SSH, I'd really like to know.

 

That's entirely false. I've coded with a wide variety of MUD bases, CircleMUD included, and it does not interact with a telnet server in any way. It makes use of the telnet protocols, but does not use or interact with telnetd or anything similar.

One case where running telnetd could possibly be considered useful is to allow someone to MUD from behind a firewall, since usually the port numbers MUDs run on are blocked. But in those cases, I'd far sooner recommend setting up a socks proxy for yourself, over using telnet.

----------

## Naan Yaar

Even here, forwarding the connection over ssh should work nicely (the -L option).  If you turn on compression on your connection, you have an added bonus  :Smile: .

 *Kilian wrote:*   

> ...
> 
> One case where running telnetd could possibly be considered useful is to allow someone to MUD from behind a firewall, since usually the port numbers MUDs run on are blocked. But in those cases, I'd far sooner recommend setting up a socks proxy for yourself, over using telnet.

 

----------

## catalYst

Check out this scenario...so you're working in the computer lab at your university, because honestly you just get more work done there.  But your sysadmin refuses to install Emacs and you happen to be dicking around with Scheme or Lisp or something...well you want to ssh/telnet into your box and run emacs from there.  The problem is, your sysadmin won't even give you access to put a simple client like PuTTY on the Windoze boxes in the lab. What do you do?! What...do you do!?  I'll tell you what, load up good ol' telnetd, because the school already has a big-ass firewall protecting you from asshole sniffers out in the harsh internet and you know just about all the geeks on campus, so if anybody is caught crackin' you know who to talk to...

Oh, and I suppose it goes without saying that the sysadmin has better things to do with his time than install an ssh client for two, maybe three students at a small libarts school.  Right, so don't say the scenario will never come up...it does and can.  Besides, most people who would go to the trouble of installing telnet on Gentoo when it's hidden away in net-misc/netkits-telnetd  probably already understand the complete lack of security inherent in the telnet protocol...

Thanks, have a good day....

Last edited by catalYst on Sat Oct 05, 2002 4:24 pm; edited 1 time in total

----------

## Mnemia

But then, why should they have telnet installed either? In my opinion it has totally outlived its functionality and is no longer necessary in any way. SSH along w/ tunnelling completely supersedes the use of telnet and even at the small school I go to they have installed SSH and removed telnet access for all the shell-based mail accounts. All Windows XP lab machines are running a commercial SSH client as well (not putty). Keep in mind that they are doing that for non-CS majors, and trying to teach everyone who was using telnet that ssh is the same thing but better.

I think that more people than you think use telnet/ssh at small libarts schools; there are definitely faculty I know of who have been checking their mail through pine for the last 10 years because that's what they were originally taught in 1992 or so and they don't see a need to learn how to use modern GUI mail clients. These are English and history profs who are basically clueless about technology and don't like to change their old habits.

And BTW your argument about the school's firewall protecting you from sniffing is flawed, IMHO. All a cracker would have to do is r00t some vulnerable box anywhere on campus and he could potentially be offered access to a sniffer behind the firewall. There just isn't any logical reason at all that telnet should be used under any circumstances; that's why Gentoo makes it and the (also) vulnerable xinetd such a pain to set up for remote access. They want you to be damn sure you know that this is a BAD IDEA.

Another possible solution would be to put a putty client in an Apache server on your box and allow it to be downloaded by you at any location through .htaccess authentication. Putty is stand-alone so you wouldn't even have to install it to use it remotely. You could just use it and delete it when you were done.

----------

## klieber

 *catalYst wrote:*   

> The problem is, your sysadmin won't even give you access to put a simple client like PuTTY on the Windoze boxes in the lab.

 

Run it from a floppy or a CD.

--kurt

----------

## catalYst

Hehe, you both make good points...I'll take that into consideration.

I was hoping to start something with that post...now all I need to do is convince my school that upgrading when Win2K came out was a BAD idea...All the Wintel computers on campus are running Win2K and believe me, they paid a fortune for the licences and are not excited to pay it again for XP.

I like the idea of running it off a CD though, seems that's my best option.

Mnemia:  What was that you were saying about using Apache?  That sounds like a slightly more elegant solution...

Thanks, 

Colin

----------

## kyptin

Of course, you could always just telnet in to a server on-campus or whatever, and then ssh into your machine, since any decent unix box will have ssh installed.  Then you won't have to use PuTTY or anything.

Yes, I realize this is horrible security.  Laugh a little.   :Laughing:   Sadly, though, that's what I did early on to get into a box that only accepted ssh connections, when I didn't know about PuTTY.  :Rolling Eyes: 

----------

## Mnemia

Well, I wouldn't really say you should run Apache just for this unless you already have a reason to do so. But if you're running a webserver too then it works out great like this.

What I did was put a folder in my Apache webserver root. Then I put the exe for putty in that folder. Whenever I get to a Windows machine that doesn't have SSH but has a web browser, I simply download putty from my own machine. It's really fast and easy since it's always at the same place and no searching, etc. The putty client is standalone so I can just run it with just that file. I use a .htaccess file for Apache to restrict access to that folder with a password, since I don't want to be illegally distributing anything. I keep other downloads in there too so that I can get anything I might need away from my computer.

----------

## MasterRa

I hate it when someone (or I) asks for help getting telnet to work, and instead of answering them, everyone just starts talking about how bad telnet is and that they shouldn't be using it. Some of us have reasons to use it. It doesn't matter what those reasons are. 

It might be good to point out that ssh is much more secure, and handles most stuff better anyway, but there's no need for all the bashing.

I use ssh daily. But I also use telnet sometimes. 

Anyway.. thanks whoever that was that actually answered.. it worked great.

----------

## kashani

 *MasterRa wrote:*   

> I hate it when someone (or I) asks for help getting telnet to work, and instead of answering them, everyone just starts talking about how bad telnet is and that they shouldn't be using it. Some of us have reasons to use it. It doesn't matter what those reasons are. 
> 
> It might be good to point out that ssh is much more secure, and handles most stuff better anyway, but there's no need for all the bashing.

 

This is done because there are very few GOOD reasons to run a telnet server. By pointing out that running telnet is extremely unsafe, many people that might have run telnetd will instead look at ssh, a much better solution. As a result you'll get harassed until people accept that you might have a good reason to do what you're doing.

One solution that was not mentioned is using webmin through ssl and getting a shell through its ssh/telnet window functionality. It looks a little unfancy in my test, but workable.

kashani

----------

## chaos421

is there an sshd?

thanks,

/keith

----------

## nbensa

```
emerge openssh
```

----------

