Mailinglist Archive: opensuse-security (138 mails)

< Previous Next >
Re: [suse-security] Why Install Telnet by Default?
  • From: John Summerfield <suse@xxxxxxxxxxxxxxxxxxxxxx>
  • Date: Thu, 08 Dec 2005 16:51:55 +0800
  • Message-id: <4397F42B.5070704@xxxxxxxxxxxxxxxxxxxxxx>
WebDev wrote:
> I am not a security expert by any means, nor necessarily a "purist", when it
> comes to installing only the apps I need to run. I do install some apps that
> I want to tinker with, even though I may not use them regularly. However, I
> understand that we should avoid using telnet because it is "insecure". Yet,
> telnet is still installed by default on SUSE, when the secure alternatives
> seem to be more appropriate. I assume there is a reason for this.
>
> I ask, because I deselected telnet when I installed SUSE 10.0, and duringa
> repair process, my system reported that telnet was a core app. If we should
> avoid using it, shouldn't we avoid installing it to begin with?
>
> Thanks in advance for your input.
> Don


I have not installed a telnet _server_ in years, not just because it's
insecure, but because ssh is easier to use.


However, I alwasy install a telnet client because it's so very useful
for chatting to smtp servider (eg postfix, sendmail) to test access
throught firewalls, check mail problems and such. Other service telnet's
gor for testing are pop3, imap, nntp and even ssh:
summer@Xenosaurus:~> telnet localhost 22
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SSH-1.99-OpenSSH_4.1

Protocol mismatch.
Connection closed by foreign host.
summer@Xenosaurus:~>

This tellms ther service is working, and the version of the software there.

I can even have a conversation with webservers, tho netcat is better for
that.


< Previous Next >
References