[plug] telnet on Mandrake

[Willaim Kenworthy]

Hi Christian,
    ftp works, telnet doesnt.  To me there is something odd as I do not think there
is much of a risk with either, on a home network on the inside.  Its left me in the
lurch as when kde totally locks up (three times now), I cannot telnet in and see
whats wrong - have to reset as cannot even switch consoles.  Also my son uses (would
like to go back to using) the box via telnet session from another room - his stuff
is set up as command line, so telnet is important to at least to this home user, and
I would think to any experianced home user.  Please dont look on all use of a
computer from a sysadmins point of view (the only correct way to use  a computer is
powered off so users cannot get up to any mischief!), there are other valid uses
that require relatively open access to be usable.  I agree that leaving networking
features disabled by default is sensible, but why telnet and not ftp. Also the
Mandrake setup and I think RedHat ask "Do you want networking" as part of the
install - it makes sence that if I want networking installed, I want to be able to
use it, not have to turn on each feature one by one - unless linux conf can add them
to its deamon control panel which is an excellent idea.

BillK


Christian wrote:

> On Fri, 3 Dec 1999, Kenworthy Family wrote:
>
> > Security feature or bug? - to me if it stops you doing something that up to now
> > has been normal practice, and have not clearly, and easily findably documented
> > the fact, then its a bug!!!  I have no evidence other than telnet into the box
> > not working that any extra security has been implemented.  As well, telnet does
> > connect, brings up the escape key message, then disconnects - where's the
> > security there unless disabling a very useful feature of a networking operating
> > system is security - may as well pull the network cable.  The above winge
> > becomes irrelevant if it is Mandrakes normal precise to disable telnet access -
> > but their FAQ website etc makes no real fuss over it being any more secure than
> > other distro's - or appears to mention telnet in particular.
>
> In your case it appears that this isn't a security feature since, the
> behaviour you describe would likely be caused by tcpwrappers (which it
> isn't given what you said before unless perhaps it is a problem with the
> paranoid option: make sure your machine's name and IP resolve correctly to
> one another; in fact, this is probably it given you described a long
> timeout period before the telnet connection closes). Another thing to
> check is the telnet entry in /etc/inetd.conf: grep telnet /etc/inetd.conf
> -- make sure that the in.telnetd server is in the correct place as given
> by that file.
>
> As for what you say about disabling an important feature, I think you are
> very, very wrong.  Telnet isn't an important feature to most users
> (especially home users which I think Mandrake is somewhat targetted at).
> Furthermore, leaving such a feature disabled by default is the most
> intelligent thing to do security-wise: those users who don't use telnet
> are protected and can ignore it, those who need telnet can specifically
> enable it and thus be aware that there is another potential entrance to
> their machine.  It certainly is an important feature and it is certainly
> still there, you just have to enable it if you need it.  As for pulling
> the networking cable, I don't believe Mandrake plugs your network cabling
> in for you either -- yet you don't complain about that.  Switching on
> telnet is as trivial as plugging in a networking cable and, I think it's
> fair to say, those who don't know how to do it probably don't need to run
> telnet (or at least they shouldn't!).
>
> Regards,
>
> Christian.
>
> ============================================================================
> "Those who do not understand Unix are condemned to reinvent it, poorly."
>                                                         -- Henry Spencer