You are here

Disable Telnet Completely? (redo)

4 posts / 0 new
Last post
kf6iiu
Disable Telnet Completely? (redo)
Sorry - I deleted my original post accidentally because there was some incorrect information in it. There some replies already, apparently, so they got deleted as well. Sorry.

Correct information: 

Bottom line: I replaced telnetd with a dumb script: 

#!/bin/sh
while true
do
echo Fake telnetd looping
sleep 9999
done

For some reason, when I initially logged in and tried to replace telnetd after killing the original daemon, the node immediately crashed (maybe because I have watchdog enabled?)
root@KF6IIU-32-13-224:~# cat > /usr/sbin/telnetd
-ash: can't create /usr/sbin/telnetd: Text file busy
root@KF6IIU-32-13-224:~# client_loop: send disconnect: Broken pipe
When the node came back up I was able to write to the file, I overwrote it with my script and voila, no more telnet:
root@KF6IIU-32-13-224:~# telnet localhost
telnet: can't connect to remote host (127.0.0.1): Connection refused



 
w6bi
w6bi's picture
Telnet
Wiley, are your concerns from a security standpoint?  That's probably legitimate, but the AREDN admins are not likely to remove it.  That's because there are significant number of hams who think that ssh may violate restrictions in Part 97 (there's some controversy about that).  So if they won't use ssh, they'll need telnet for remote access.

Orv W6BI
kf6iiu
Telnet
I habitually cringe when I see telnet running. Once back in my IT career, I watched as a white hat hacker pasted some random characters into a telnet username prompt. The result: 

#

A root shell. 

And yes I know about the "encryption" controversy. It's a personal choice. But let me know if someone ever gets an enforcement letter from the FCC for using SSH on one of the ham band channels. 

 
w6bi
w6bi's picture
SSH
I don't worry about it and I'm not holding my breath smiley

Orv W6BI

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer