[CentOS] TELNET TO LOCALHOST IN CENTOS 7

Tue Nov 25 17:42:18 UTC 2014
Warren Young <wyml at etr-usa.com>

On Nov 24, 2014, at 6:04 PM, Jonathan Billings <billings at negate.org> wrote:

> On Nov 24, 2014, at 3:46 PM, Warren Young <wyml at etr-usa.com> wrote:
>> Now compare telnet: always vulnerable, all the time, since the day it was created, before most of the people on this list were born:
> 
> Technically, you can run kerberized (krb5) telnet/telnetd, and it's not quite as insecure as unkerberized telnet.

That only protects the authentication stage.  You have to add RFC 2946 encryption or TLS to encrypt the rest of the conversation, something you get for free with SSH.  Then having done that, you get to seek out the rare clients that can speak these protocol extensions, whereas all SSH clients do what you want as a matter of course.

It doesn’t look like CentOS 7’s in.telnetd supports this anyway.  I base that on two bits of evidence:

1. The man page: “-a authmode  ...not available in the current version.”

2. ldd /usr/sbin/in.telnetd doesn’t show that it’s linked to libgssapi.
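
The distinction drawn in this message, between protecting only the authentication stage and encrypting the rest of the conversation, can be checked from a packet capture by looking at which Telnet options the two sides agreed on. The following is an added example, not part of the original message or of any CentOS tooling: it parses the option negotiation in each direction and reports whether AUTHENTICATION (option 37) was agreed without ENCRYPT (option 38, RFC 2946). The function names and the byte strings are constructed for illustration.

```python
# Added example (not from the original post). Sample byte strings are constructed.
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
AUTHENTICATION, ENCRYPT = 37, 38  # Telnet option codes (RFC 2941, RFC 2946)

def commands(stream: bytes):
    """Yield (verb, option) for each WILL/WONT/DO/DONT; skip data and subnegotiations."""
    i = 0
    while i + 1 < len(stream):
        if stream[i] != IAC:
            i += 1
        elif stream[i + 1] in (WILL, WONT, DO, DONT):
            if i + 2 < len(stream):
                yield stream[i + 1], stream[i + 2]
            i += 3
        elif stream[i + 1] == SB:
            i += 2
            # Advance to the closing IAC SE; IAC IAC inside is an escaped 0xFF.
            while i + 1 < len(stream) and stream[i:i + 2] != bytes([IAC, SE]):
                i += 2 if stream[i] == IAC else 1
            i += 2
        else:
            i += 2  # escaped 0xFF (IAC IAC) or another two-byte command

def enabled(sender: bytes, peer: bytes, option: int) -> bool:
    """sender performs option: it sent WILL, the peer sent DO, and neither refused."""
    sent = {verb for verb, opt in commands(sender) if opt == option}
    got = {verb for verb, opt in commands(peer) if opt == option}
    return WILL in sent and DO in got and WONT not in sent and DONT not in got

def audit(client: bytes, server: bytes) -> dict:
    auth = enabled(client, server, AUTHENTICATION)
    enc_c2s = enabled(client, server, ENCRYPT)
    enc_s2c = enabled(server, client, ENCRYPT)
    # Agreeing on ENCRYPT is only a precondition; this sketch does not parse the
    # subnegotiation that follows, so True here means "possible", not "active".
    return {"authentication": auth, "encrypt_c2s": enc_c2s, "encrypt_s2c": enc_s2c,
            "auth_without_encryption": auth and not (enc_c2s and enc_s2c)}

# Constructed capture: server asks for both options, one client accepts only AUTHENTICATION.
SERVER = bytes([IAC, DO, AUTHENTICATION, IAC, DO, ENCRYPT, IAC, WILL, ENCRYPT,
                IAC, SB, AUTHENTICATION, 1, 2, 0, IAC, SE])
CLIENT_AUTH_ONLY = bytes([IAC, WILL, AUTHENTICATION, IAC, WONT, ENCRYPT, IAC, DONT, ENCRYPT])
CLIENT_BOTH = bytes([IAC, WILL, AUTHENTICATION, IAC, WILL, ENCRYPT, IAC, DO, ENCRYPT])

if __name__ == "__main__":
    print(audit(CLIENT_AUTH_ONLY, SERVER))
    print(audit(CLIENT_BOTH, SERVER))
```

A session flagged `auth_without_encryption` is the case described above: the login is protected, but everything typed afterwards crosses the wire in the clear.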