I just install Centos 7 on my laptop. I have also installed telnet-server and telnet. I can telnet to other server from my local CentOS 7 but can not telnet localhost also, i can not telnet to my localhost from other server.
I try to check telnet file in /etc/xinetd.d directory but the file "telnet" is not there.
Please can someone help me with the steps to install telnet or enable telnet services on CENTOS 7 so that i can telnet my localhost.
Below is the error message: [claire@ittestsrvr ~]$ telnet localhost Trying ::1... telnet: connect to address ::1: Connection refused Trying 127.0.0.1... telnet: connect to address 127.0.0.1: Connection refused
On Mon, Nov 24, 2014 at 9:33 AM, Samson okosam@gmail.com wrote:
I just install Centos 7 on my laptop. I have also installed telnet-server and telnet. I can telnet to other server from my local CentOS 7 but can not telnet localhost also, i can not telnet to my localhost from other server.
I try to check telnet file in /etc/xinetd.d directory but the file "telnet" is not there.
Please can someone help me with the steps to install telnet or enable telnet services on CENTOS 7 so that i can telnet my localhost.
Below is the error message: [claire@ittestsrvr ~]$ telnet localhost Trying ::1... telnet: connect to address ::1: Connection refused Trying 127.0.0.1... telnet: connect to address 127.0.0.1: Connection refused
I will not go over the question about running telnet in your laptop; others will chime in. Now that is out, did you check whether telnet is running using ps and netstat?
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Mon, Nov 24, 2014 at 9:38 AM, Mauricio Tavares raubvogel@gmail.com wrote:
On Mon, Nov 24, 2014 at 9:33 AM, Samson okosam@gmail.com wrote:
I just install Centos 7 on my laptop. I have also installed telnet-server and telnet. I can telnet to other server from my local CentOS 7 but can not telnet localhost also, i can not telnet to my localhost from other server.
I try to check telnet file in /etc/xinetd.d directory but the file "telnet" is not there.
Please can someone help me with the steps to install telnet or enable telnet services on CENTOS 7 so that i can telnet my localhost.
Below is the error message: [claire@ittestsrvr ~]$ telnet localhost Trying ::1... telnet: connect to address ::1: Connection refused Trying 127.0.0.1... telnet: connect to address 127.0.0.1: Connection refused
I will not go over the question about running telnet in yourlaptop; others will chime in. Now that is out, did you check whether telnet is running using ps and netstat?
Also, how did you turn telnet on? Leave xinetd alone.
What does
systemctl status telnet.socket
tell you?
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On 11/24/2014 6:38 AM, Mauricio Tavares wrote:
I will not go over the question about running telnet in yourlaptop; others will chime in. Now that is out, did you check whether telnet is running using ps and netstat?
useless advise, since telnet is almost always run from a socket, the telnetd is only running if there's an active connection.
to the OP, the *correct* answer is, do not use or touch xinetd, and if you modified anything in xinetd, undo it. heck, uniinstall xinetd, nothing in RHEL7/CentOS7 uses xinetd anymore.
root# systemctl enable telnet.socket root# systemctl start telnet.socket
the first command enables it so its available when the system is rebooted.
the 2nd command starts it now.
now, I will have to concur, the telnet protocol should be banned, and anything using it should be updated to use ssh instead. I haven't enabled telnetd on any unix/linux host for the last 10+ years.
On Mon, Nov 24, 2014 at 3:59 PM, John R Pierce pierce@hogranch.com wrote:
On 11/24/2014 6:38 AM, Mauricio Tavares wrote:
I will not go over the question about running telnet in yourlaptop; others will chime in. Now that is out, did you check whether telnet is running using ps and netstat?
useless advise, since telnet is almost always run from a socket, the telnetd is only running if there's an active connection.
to the OP, the *correct* answer is, do not use or touch xinetd, and if you modified anything in xinetd, undo it. heck, uniinstall xinetd, nothing in RHEL7/CentOS7 uses xinetd anymore.
root# systemctl enable telnet.socket root# systemctl start telnet.socket
I take you missed the part in my reply asking him to do
systemctl status telnet.socket
the first command enables it so its available when the system is rebooted.
the 2nd command starts it now.
now, I will have to concur, the telnet protocol should be banned, and anything using it should be updated to use ssh instead. I haven't enabled telnetd on any unix/linux host for the last 10+ years.
-- john r pierce 37N 122W somewhere on the middle of the left coast
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Mon, Nov 24, 2014 at 03:33:24PM +0100, Samson wrote:
Trying 127.0.0.1... telnet: connect to address 127.0.0.1: Connection refused
Because telnet is 1970s tech that should die in a fire; it's not enabled by default nor does the firewall permit it by default.
Why are you wanting to use telnet in the first place?
John
On Mon, 24 Nov 2014 08:46:33 -0600 John R. Dennison wrote:
Why are you wanting to use telnet in the first place?
I don't know what his use case is, but I installed telnet on this computer a while back for the Android Remote Keyboard app.
https://play.google.com/store/apps/details?id=de.onyxbits.remotekeyboard
Am 24.11.2014 um 18:11 schrieb Frank Cox theatre@melvilletheatre.com:
On Mon, 24 Nov 2014 08:46:33 -0600 John R. Dennison wrote:
Why are you wanting to use telnet in the first place?
I don't know what his use case is, but I installed telnet on this computer a while back for the Android Remote Keyboard app.
https://play.google.com/store/apps/details?id=de.onyxbits.remotekeyboard
best practice is to not use clear text protocols anymore.
-- LF
On Mon, Nov 24, 2014 at 11:38 AM, Leon Fauster leonfauster@googlemail.com wrote:
Am 24.11.2014 um 18:11 schrieb Frank Cox theatre@melvilletheatre.com:
On Mon, 24 Nov 2014 08:46:33 -0600 John R. Dennison wrote:
Why are you wanting to use telnet in the first place?
I don't know what his use case is, but I installed telnet on this computer a while back for the Android Remote Keyboard app.
https://play.google.com/store/apps/details?id=de.onyxbits.remotekeyboard
best practice is to not use clear text protocols anymore.
Umm, yeah. Encrypted protocols would never be compromised....
On Mon, Nov 24, 2014 at 12:04:30PM -0600, Les Mikesell wrote:
Umm, yeah. Encrypted protocols would never be compromised....
Which do you think is more likely? Someone sniffing a cleartext credential set on the wire or someone subverting an alleged "secure" encrypted protocol?
Nothing is bullet-proof, we all know this, but you at least make an attempt not to run cleartext crap.
John
On Mon, Nov 24, 2014 at 12:12 PM, John R. Dennison jrd@gerdesas.com wrote:
On Mon, Nov 24, 2014 at 12:04:30PM -0600, Les Mikesell wrote:
Umm, yeah. Encrypted protocols would never be compromised....
Which do you think is more likely? Someone sniffing a cleartext credential set on the wire or someone subverting an alleged "secure" encrypted protocol?
For things that matter, you should expect both. For things that don't matter, well they don't matter.
The original poster has not replied, so we do not know his reasoning.
On Mon, Nov 24, 2014 at 1:17 PM, Les Mikesell lesmikesell@gmail.com wrote:
On Mon, Nov 24, 2014 at 12:12 PM, John R. Dennison jrd@gerdesas.com wrote:
On Mon, Nov 24, 2014 at 12:04:30PM -0600, Les Mikesell wrote:
Umm, yeah. Encrypted protocols would never be compromised....
Which do you think is more likely? Someone sniffing a cleartext credential set on the wire or someone subverting an alleged "secure" encrypted protocol?
For things that matter, you should expect both. For things that don't matter, well they don't matter.
Exactly. For instance, what if he needs to use some product whose vendor has never heard of ssh (or company died)? What if he is building a test lab for learning how to use wireshark? Until he comes back and lets us know, we are just farting in the wind.
Personally I expect him to know what he is doing
-- Les Mikesell lesmikesell@gmail.com _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Nov 24, 2014, at 11:04 AM, Les Mikesell lesmikesell@gmail.com wrote:
On Mon, Nov 24, 2014 at 11:38 AM, Leon Fauster leonfauster@googlemail.com wrote:
best practice is to not use clear text protocols anymore.
Umm, yeah. Encrypted protocols would never be compromised….
That’s absolutist thinking. There is no such thing as absolute security.
There is, however, such a thing as illusory security. in.telnetd is a fine example of this.
Study the OpenSSH list of fixed security problems:
http://www.openssh.com/security.html
I see only three that are attacks against the protocol itself, which is all that’s within the scope of argument here. Everything else is an attack on some other part of the system which would apply to other programs, regardless of encryption.
(e.g., A buffer overflow is a buffer overflow whether encrypted or not.)
Regardless, that list is pretty short for such a popular, security-focused 15-year-old program.
Now compare telnet: always vulnerable, all the time, since the day it was created, before most of the people on this list were born:
On Nov 24, 2014, at 3:46 PM, Warren Young wyml@etr-usa.com wrote:
Now compare telnet: always vulnerable, all the time, since the day it was created, before most of the people on this list were born:
Technically, you can run kerberized (krb5) telnet/telnetd, and it's not quite as insecure as unkerberized telnet. The telnet protocol supports security measures, but most people just use OpenSSH (which can do a lot more) so there's little effort being made to widely use it.
I doubt the OP was setting up krb5 telnetd, though.
-- Jonathan Billings billings@negate.org
On Nov 24, 2014, at 6:04 PM, Jonathan Billings billings@negate.org wrote:
On Nov 24, 2014, at 3:46 PM, Warren Young wyml@etr-usa.com wrote:
Now compare telnet: always vulnerable, all the time, since the day it was created, before most of the people on this list were born:
Technically, you can run kerberized (krb5) telnet/telnetd, and it's not quite as insecure as unkerberized telnet.
That only protects the authentication stage. You have to add RFC 2946 encryption or TLS to encrypt the rest of the conversation, something you get for free with SSH. Then having done that, you get to seek out the rare clients that can speak these protocol extensions, whereas all SSH clients do what you want as a matter of course.
It doesn’t look like CentOS 7’s in.telnetd supports this anyway. I base that on two bits of evidence:
1. The man page: " -a authmode ...not available in the current version.”
2. ldd /usr/sbin/in.telnetd doesn’t show that it’s linked to libgssapi.
On Tue, Nov 25, 2014 at 10:42:18AM -0700, Warren Young wrote:
It doesn’t look like CentOS 7’s in.telnetd supports this anyway. I base that on two bits of evidence:
The man page: " -a authmode ...not available in the current version.”
ldd /usr/sbin/in.telnetd doesn’t show that it’s linked to libgssapi.
You'd have to use the clients in krb5-appl-clients and the telnetd in krb5-appl-servers. The 'telnet' in krb5-appl-clients has an -x flag that encrypts the data stream.
I never use any of this anymore. In fact, the only reason why I used kerberized telnet was back before OpenSSH was as widespread, and encrypted telnet was less overhead on the really old Suns I used. I just wanted to point out that the 'telnet' protocol is more than plain text.
Thanks all. It is working now. Regards On 24 Nov 2014 20:11, "Frank Cox" theatre@melvilletheatre.com wrote:
On Mon, 24 Nov 2014 08:46:33 -0600 John R. Dennison wrote:
Why are you wanting to use telnet in the first place?
I don't know what his use case is, but I installed telnet on this computer a while back for the Android Remote Keyboard app.
https://play.google.com/store/apps/details?id=de.onyxbits.remotekeyboard
-- MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-
Frank Cox -
John R Pierce -
John R. Dennison -
Jonathan Billings -
Leon Fauster -
Les Mikesell -
Mauricio Tavares -
Samson -
Warren Young