Re: [CentOS] TELNENT TO LOCALHOST IN CENTOS 7

2014-11-25 Thread Warren Young
On Nov 24, 2014, at 6:04 PM, Jonathan Billings billi...@negate.org wrote:

 On Nov 24, 2014, at 3:46 PM, Warren Young w...@etr-usa.com wrote:
 Now compare telnet: always vulnerable, all the time, since the day it was 
 created, before most of the people on this list were born:
 
 Technically, you can run kerberized (krb5) telnet/telnetd, and it's not quite 
 as insecure as unkerberized telnet.

That only protects the authentication stage.  You have to add RFC 2946 
encryption or TLS to encrypt the rest of the conversation, something you get 
for free with SSH.  Then having done that, you get to seek out the rare clients 
that can speak these protocol extensions, whereas all SSH clients do what you 
want as a matter of course.

It doesn’t look like CentOS 7’s in.telnetd supports this anyway.  I base that 
on two bits of evidence:

1. The man page: “-a authmode  ...not available in the current version.”

2. ldd /usr/sbin/in.telnetd doesn’t show that it’s linked to libgssapi.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] TELNENT TO LOCALHOST IN CENTOS 7

2014-11-25 Thread Jonathan Billings
On Tue, Nov 25, 2014 at 10:42:18AM -0700, Warren Young wrote:
 It doesn’t look like CentOS 7’s in.telnetd supports this anyway.  I
 base that on two bits of evidence: 
 
 1. The man page: “-a authmode  ...not available in the current version.”
 
 2. ldd /usr/sbin/in.telnetd doesn’t show that it’s linked to libgssapi.

You'd have to use the clients in krb5-appl-clients and the telnetd in
krb5-appl-servers.  The 'telnet' in krb5-appl-clients has an -x flag
that encrypts the data stream.

I never use any of this anymore.  In fact, the only reason why I used
kerberized telnet was back before OpenSSH was as widespread, and
encrypted telnet was less overhead on the really old Suns I used.  I
just wanted to point out that the 'telnet' protocol is more than plain
text. 

-- 
Jonathan Billings billi...@negate.org


[CentOS] TELNENT TO LOCALHOST IN CENTOS 7

2014-11-24 Thread Samson
I just installed CentOS 7 on my laptop. I have also installed telnet-server
and telnet.
I can telnet to other servers from my local CentOS 7 but cannot telnet to
localhost. Also, I cannot telnet to my localhost from another server.

I tried to check the telnet file in the /etc/xinetd.d directory, but the
telnet file is not there.

Please can someone help me with the steps to install telnet or enable
telnet services on CentOS 7 so that I can telnet to my localhost.

Below is the error message:
[claire@ittestsrvr ~]$ telnet localhost
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused


Re: [CentOS] TELNENT TO LOCALHOST IN CENTOS 7

2014-11-24 Thread Mauricio Tavares
On Mon, Nov 24, 2014 at 9:33 AM, Samson oko...@gmail.com wrote:
 I just installed CentOS 7 on my laptop. I have also installed telnet-server
 and telnet.
 I can telnet to other servers from my local CentOS 7 but cannot telnet to
 localhost. Also, I cannot telnet to my localhost from another server.

 I tried to check the telnet file in the /etc/xinetd.d directory, but the
 telnet file is not there.

 Please can someone help me with the steps to install telnet or enable
 telnet services on CentOS 7 so that I can telnet to my localhost.

 Below is the error message:
 [claire@ittestsrvr ~]$ telnet localhost
 Trying ::1...
 telnet: connect to address ::1: Connection refused
 Trying 127.0.0.1...
 telnet: connect to address 127.0.0.1: Connection refused

  I will not go over the question about running telnet in your
laptop; others will chime in. Now that is out, did you check whether
telnet is running using ps and netstat?



Re: [CentOS] TELNENT TO LOCALHOST IN CENTOS 7

2014-11-24 Thread Mauricio Tavares
On Mon, Nov 24, 2014 at 9:38 AM, Mauricio Tavares raubvo...@gmail.com wrote:
 On Mon, Nov 24, 2014 at 9:33 AM, Samson oko...@gmail.com wrote:
 I just installed CentOS 7 on my laptop. I have also installed telnet-server
 and telnet.
 I can telnet to other servers from my local CentOS 7 but cannot telnet to
 localhost. Also, I cannot telnet to my localhost from another server.

 I tried to check the telnet file in the /etc/xinetd.d directory, but the
 telnet file is not there.

 Please can someone help me with the steps to install telnet or enable
 telnet services on CentOS 7 so that I can telnet to my localhost.

 Below is the error message:
 [claire@ittestsrvr ~]$ telnet localhost
 Trying ::1...
 telnet: connect to address ::1: Connection refused
 Trying 127.0.0.1...
 telnet: connect to address 127.0.0.1: Connection refused

   I will not go over the question about running telnet in your
 laptop; others will chime in. Now that is out, did you check whether
 telnet is running using ps and netstat?

  Also, how did you turn telnet on? Leave xinetd alone.

What does

systemctl status telnet.socket

tell you?



Re: [CentOS] TELNENT TO LOCALHOST IN CENTOS 7

2014-11-24 Thread John R. Dennison
On Mon, Nov 24, 2014 at 03:33:24PM +0100, Samson wrote:

 Trying 127.0.0.1...
 telnet: connect to address 127.0.0.1: Connection refused

Because telnet is 1970s tech that should die in a fire; it's not enabled
by default nor does the firewall permit it by default.

Why are you wanting to use telnet in the first place?




John
-- 
There is something fundamentally wrong with a system where not being
charged with a war crime keeps you locked away indefinitely and a war crime
conviction is your ticket home.

-- Morris Davis, retired USAF Colonel, former Chief Prosecutor for the
   terrorism trials at Guantanamo Bay, 29 April 2013




Re: [CentOS] TELNENT TO LOCALHOST IN CENTOS 7

2014-11-24 Thread Frank Cox
On Mon, 24 Nov 2014 08:46:33 -0600
John R. Dennison wrote:

 Why are you wanting to use telnet in the first place?

I don't know what his use case is, but I installed telnet on this computer a 
while back for the Android Remote Keyboard app.

https://play.google.com/store/apps/details?id=de.onyxbits.remotekeyboard

-- 
MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com


Re: [CentOS] TELNENT TO LOCALHOST IN CENTOS 7

2014-11-24 Thread Leon Fauster
On 24.11.2014 at 18:11, Frank Cox thea...@melvilletheatre.com wrote:
 On Mon, 24 Nov 2014 08:46:33 -0600
 John R. Dennison wrote:
 
 Why are you wanting to use telnet in the first place?
 
 I don't know what his use case is, but I installed telnet on this computer a 
 while back for the Android Remote Keyboard app.
 
 https://play.google.com/store/apps/details?id=de.onyxbits.remotekeyboard


best practice is to not use clear text protocols anymore.

--
LF









Re: [CentOS] TELNENT TO LOCALHOST IN CENTOS 7

2014-11-24 Thread Les Mikesell
On Mon, Nov 24, 2014 at 11:38 AM, Leon Fauster
leonfaus...@googlemail.com wrote:
 On 24.11.2014 at 18:11, Frank Cox thea...@melvilletheatre.com wrote:
 On Mon, 24 Nov 2014 08:46:33 -0600
 John R. Dennison wrote:

 Why are you wanting to use telnet in the first place?

 I don't know what his use case is, but I installed telnet on this computer a 
 while back for the Android Remote Keyboard app.

 https://play.google.com/store/apps/details?id=de.onyxbits.remotekeyboard


 best practice is to not use clear text protocols anymore.

Umm, yeah.   Encrypted protocols would never be compromised

-- 
Les Mikesell
  lesmikes...@gmail.com


Re: [CentOS] TELNENT TO LOCALHOST IN CENTOS 7

2014-11-24 Thread Mauricio Tavares
  The original poster has not replied, so we do not know his reasoning.


On Mon, Nov 24, 2014 at 1:17 PM, Les Mikesell lesmikes...@gmail.com wrote:
 On Mon, Nov 24, 2014 at 12:12 PM, John R. Dennison j...@gerdesas.com wrote:
 On Mon, Nov 24, 2014 at 12:04:30PM -0600, Les Mikesell wrote:

 Umm, yeah.   Encrypted protocols would never be compromised

 Which do you think is more likely?  Someone sniffing a cleartext
 credential set on the wire or someone subverting an alleged secure
 encrypted protocol?

 For things that matter, you should expect both.  For things that don't
 matter, well they don't matter.

  Exactly. For instance, what if he needs to use some product
whose vendor has never heard of ssh (or company died)? What if he is
building a test lab for learning how to use wireshark? Until he comes
back and lets us know, we are just farting in the wind.

Personally I expect him to know what he is doing

 --
Les Mikesell
   lesmikes...@gmail.com


Re: [CentOS] TELNENT TO LOCALHOST IN CENTOS 7

2014-11-24 Thread John R Pierce

On 11/24/2014 10:04 AM, Les Mikesell wrote:

 Umm, yeah.   Encrypted protocols would never be compromised



door locks can be picked, so I should never lock my doors?



--
john r pierce  37N 122W
somewhere on the middle of the left coast



Re: [CentOS] TELNENT TO LOCALHOST IN CENTOS 7

2014-11-24 Thread Les Mikesell
On Mon, Nov 24, 2014 at 12:12 PM, John R. Dennison j...@gerdesas.com wrote:
 On Mon, Nov 24, 2014 at 12:04:30PM -0600, Les Mikesell wrote:

 Umm, yeah.   Encrypted protocols would never be compromised

 Which do you think is more likely?  Someone sniffing a cleartext
 credential set on the wire or someone subverting an alleged secure
 encrypted protocol?

For things that matter, you should expect both.  For things that don't
matter, well they don't matter.

-- 
   Les Mikesell
  lesmikes...@gmail.com


Re: [CentOS] TELNENT TO LOCALHOST IN CENTOS 7

2014-11-24 Thread John R. Dennison
On Mon, Nov 24, 2014 at 12:04:30PM -0600, Les Mikesell wrote:
 
 Umm, yeah.   Encrypted protocols would never be compromised

Which do you think is more likely?  Someone sniffing a cleartext
credential set on the wire or someone subverting an alleged secure
encrypted protocol?

Nothing is bullet-proof, we all know this, but you at least make an
attempt not to run cleartext crap.






John
-- 
Those who know do not speak; those who speak do not know.

-- Tao




Re: [CentOS] TELNENT TO LOCALHOST IN CENTOS 7

2014-11-24 Thread Warren Young
On Nov 24, 2014, at 11:04 AM, Les Mikesell lesmikes...@gmail.com wrote:

 On Mon, Nov 24, 2014 at 11:38 AM, Leon Fauster
 leonfaus...@googlemail.com wrote:
 
 best practice is to not use clear text protocols anymore.
 
 Umm, yeah.   Encrypted protocols would never be compromised….

That’s absolutist thinking.  There is no such thing as absolute security.

There is, however, such a thing as illusory security.  in.telnetd is a fine 
example of this.

Study the OpenSSH list of fixed security problems:

   http://www.openssh.com/security.html

I see only three that are attacks against the protocol itself, which is all 
that’s within the scope of argument here.  Everything else is an attack on some 
other part of the system which would apply to other programs, regardless of 
encryption.

(e.g., A buffer overflow is a buffer overflow whether encrypted or not.)

Regardless, that list is pretty short for such a popular, security-focused 
15-year-old program.

Now compare telnet: always vulnerable, all the time, since the day it was 
created, before most of the people on this list were born:

   http://tools.ietf.org/html/rfc15


Re: [CentOS] TELNENT TO LOCALHOST IN CENTOS 7

2014-11-24 Thread John R Pierce

On 11/24/2014 6:38 AM, Mauricio Tavares wrote:

   I will not go over the question about running telnet in your
laptop; others will chime in. Now that is out, did you check whether
telnet is running using ps and netstat?


useless advice, since telnet is almost always run from a socket, the 
telnetd is only running if there's an active connection.


to the OP, the *correct* answer is, do not use or touch xinetd, and if 
you modified anything in xinetd, undo it.   heck, uninstall xinetd, 
nothing in RHEL7/CentOS7 uses xinetd anymore.


   root# systemctl enable telnet.socket
   root# systemctl start telnet.socket

the first command enables it so it's available when the system is rebooted.

the 2nd command starts it now.


now, I will have to concur, the telnet protocol should be banned, and 
anything using it should be updated to use ssh instead.   I haven't 
enabled telnetd on any unix/linux host for the last 10+ years.





--
john r pierce  37N 122W
somewhere on the middle of the left coast
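
The enable/start distinction above, and the point that no telnetd process exists until a connection arrives, as an added example that is not part of the original post: a shell check that reads `systemctl list-unit-files --type=socket` and `ss -ltn` output and reports whether cleartext telnet is listening now or will be after a reboot. The sample outputs are constructed and the function names are hypothetical.

```sh
#!/bin/sh
# Added example; sample outputs are constructed, function names are hypothetical.

# Constructed sample of `systemctl list-unit-files --type=socket` output.
SAMPLE_UNITS='UNIT FILE       STATE
sshd.socket     disabled
telnet.socket   enabled'

# Constructed sample of `ss -ltn` output. No telnetd process exists yet:
# with socket activation, systemd itself holds the port 23 listener.
SAMPLE_LISTEN='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    *:22               *:*
LISTEN 0      128    :::23              :::*'

# Print the boot-time state of telnet.socket, or "absent" if not installed.
telnet_unit_state() {
    printf '%s\n' "$1" |
        awk '$1 == "telnet.socket" { s = $2 } END { print (s == "" ? "absent" : s) }'
}

# Classify TCP port 23 listeners as "none", "loopback" or "network".
port23_scope() {
    printf '%s\n' "$1" | awk '
        $1 == "LISTEN" && $4 ~ /:23$/ {
            if ($4 ~ /^127\./ || $4 ~ /^\[?::1\]?:23$/) {
                if (scope == "") scope = "loopback"
            } else scope = "network"
        }
        END { print (scope == "" ? "none" : scope) }'
}

# Combine "enabled" (next boot) and "started" (listening now) into one finding.
telnet_finding() {
    state=$(telnet_unit_state "$1")
    scope=$(port23_scope "$2")
    case "$scope:$state" in
        network:*)    echo "FAIL: telnet listening on a non-loopback address (unit $state)" ;;
        loopback:*)   echo "WARN: telnet listening on loopback only (unit $state)" ;;
        none:enabled) echo "WARN: telnet.socket enabled, will listen after next boot" ;;
        *)            echo "OK: no telnet listener (unit $state)" ;;
    esac
}

# Live use: telnet_finding "$(systemctl list-unit-files --type=socket)" "$(ss -ltn)"
telnet_finding "$SAMPLE_UNITS" "$SAMPLE_LISTEN"
```

A listener on a non-loopback address is still subject to the host firewall, which the thread notes does not permit telnet by default.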



Re: [CentOS] TELNENT TO LOCALHOST IN CENTOS 7

2014-11-24 Thread Jonathan Billings
On Nov 24, 2014, at 3:46 PM, Warren Young w...@etr-usa.com wrote:
 Now compare telnet: always vulnerable, all the time, since the day it was 
 created, before most of the people on this list were born:

Technically, you can run kerberized (krb5) telnet/telnetd, and it's not quite 
as insecure as unkerberized telnet.  The telnet protocol supports security 
measures, but most people just use OpenSSH (which can do a lot more) so there's 
little effort being made to widely use it.

I doubt the OP was setting up krb5 telnetd, though.

--
Jonathan Billings billi...@negate.org




Re: [CentOS] TELNENT TO LOCALHOST IN CENTOS 7

2014-11-24 Thread Mauricio Tavares
On Mon, Nov 24, 2014 at 3:59 PM, John R Pierce pie...@hogranch.com wrote:
 On 11/24/2014 6:38 AM, Mauricio Tavares wrote:

I will not go over the question about running telnet in your
 laptop; others will chime in. Now that is out, did you check whether
 telnet is running using ps and netstat?


 useless advice, since telnet is almost always run from a socket, the telnetd
 is only running if there's an active connection.

 to the OP, the *correct* answer is, do not use or touch xinetd, and if you
 modified anything in xinetd, undo it.   heck, uninstall xinetd, nothing in
 RHEL7/CentOS7 uses xinetd anymore.

root# systemctl enable telnet.socket
root# systemctl start telnet.socket

  I take it you missed the part in my reply asking him to do

systemctl status telnet.socket

 the first command enables it so it's available when the system is rebooted.

 the 2nd command starts it now.


 now, I will have to concur, the telnet protocol should be banned, and
 anything using it should be updated to use ssh instead.   I haven't enabled
 telnetd on any unix/linux host for the last 10+ years.




 --
 john r pierce  37N 122W
 somewhere on the middle of the left coast



Re: [CentOS] TELNENT TO LOCALHOST IN CENTOS 7

2014-11-24 Thread Samson
Thanks all.  It is working now.
Regards
On 24 Nov 2014 20:11, Frank Cox thea...@melvilletheatre.com wrote:

 On Mon, 24 Nov 2014 08:46:33 -0600
 John R. Dennison wrote:

  Why are you wanting to use telnet in the first place?

 I don't know what his use case is, but I installed telnet on this computer
 a while back for the Android Remote Keyboard app.

 https://play.google.com/store/apps/details?id=de.onyxbits.remotekeyboard

 --
 MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com