On Mon, 09 Dec 2019 08:21:27 -0800 pe...@easthope.ca wrote:

> > telnetd is INSECURE and SHOULD NOT BE USED unless you have ...
> > EXPLICITLY STATED reason.
>
> Where is that policy published? Where should the description of use
> be submitted for approval?

I have no idea whose policy you refer to, so I don't know if it's policy or not. One of the main reasons telnet is deprecated is because it sends passwords in the clear, so a malevolent snooper can harvest passwords.

>
> A session is routinely opened with xterm, gnome-terminal, lxterm and
> etc. without authentication. Why is authentication so necessary for
> "telnet localhost"?

telnet localhost was not the typical use case. I suspect a malevolent user on the same computer might be able to sniff passwords and other traffic from memory. Since you are probably the sole user on your computer, that is an unlikely scenario.

Remember that Unix security evolved in a day when Unix boxen were multi-user, and one (especially administrators) could not assume benevolence on the part of all users.

Be aware of risks, and assess your own situation accordingly. If you still prefer to use telnet, go for it.

--
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/