Re: telnet

2019-07-05 Thread Bill Cole 

On 5 Jul 2019, at 5:53, Balthasar Indermuehle wrote:

Telnet is a fantastic network service debugging tool, hence should 
always

remain included.


Too late. It's not in High Sierra (maybe even Sierra?) or the core 
installation of EL7 (RedHat/CentOS) and I have run into Debian and 
Ubuntu machines without it (not sure of the details of versions...)


The various incarnations of netcat are mostly as good or better for 
basic connection testing without the weird invisible protocol that gets 
used on port 23 (and in some versions on all connections by default.)


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)

Re: telnet

2019-07-05 Thread Niels Dettenbach (Syndicat IT & Internet) via macports-users 
Am 5. Juli 2019 11:26:13 MESZ schrieb Dr M J Carter 
:
>I'm not: it, and FTP, are horribly insecure.  The corresponding
>server-end daemons are (or should be) turned off on most sites in the
>interests of self-defence, and replaced by use of SSH.

Contrary to some "hype" (primarily driven by some major players in selling x509 
certs and a Browser foundation which earns huge amounts from them year by year) 
in the last years, there is no absolute "secure" as "insecure" in the IT world 
and almost anything "must be encrypted for security" It still makes sense for 
i.e. builders of network equipment and similiar to offer telnet or plain FTP 
(non secured, FTP is available with SSL / TLS too) - i.e. because the initial 
setup is done by a direct cable link or within any other environments, where 
data leakage / connection hijacking security requirements are "others" then 
most users think of at first. TFTP is a well known exslample for that. Data 
integrity has to be implemented on other levels then (if required - i.e. 
signatures) and data privacy is not always a concern - i.e. for downloads of 
large, public available files. And HTTPS with x509 is not a holy grahl of sec 
too in practice.

A unencrypted telnet as FTP stack requires a much smaller footprint and is much 
less ressource consuming / failure affected then a non-required encrypted 
alternative - i.e. on very small computing devices or platforms, as a kernel 
internal or whatever. I remember HP devices where the SSH remote console access 
hanged (RAM full) and telnet was the only option to gain any access back 
(usually over VPN or dedicated LAN).

And most modern console FTP clients are usually SSL/TLS capable out of the box, 
while FTP is still widely used as "public" as "private" Internet services.

And btw: netcat has the same security implications as a "substitute" for telnet 
(client). 

There is no "general insecure" as "general secure" tool in practice - there is 
only more or less "clever" / aware usage of...ß)


just my view,
beste regards,


niels.

-- 
Niels Dettenbach
Syndicat IT & Internet
https://www.syndicat.com

Re: telnet

2019-07-05 Thread Christoph Kukulies 



> Am 05.07.2019 um 11:26 schrieb Dr M J Carter :
> 
> On Fri, Jul 05, 2019 at 10:56:28AM +0200, Christoph Kukulies wrote:
> 
>> I’m surprised there is no telnet under standard macOS.
> 
> I'm not: it, and FTP, are horribly insecure.  The corresponding
> server-end daemons are (or should be) turned off on most sites in the
> interests of self-defence, and replaced by use of SSH.

I’m aware of this of course.
Nonetheless telnet is a useful tool when it comes to testing an SMTP connection 
or some other port.
Not that I’m missing it for its excellent user friendlyness and intuitive 
commands.


—
Christoph ^]




> 
>> Is there a macport? and if, what’s the package name?
> 
> $ port search telnet
> inetutils @1.9.4_11 (net)
>Inetutils is a collection of common network programs, including ftp, 
> telnet,
>rsh, rlogin, tftp and the corresponding daemons.
> 
> -- 
> Dr Martin J Carter
> Computer System Administrator
> Astrophysics, University of Oxford

Re: telnet

2019-07-05 Thread Richard L. Hamilton 
Unless you specifically need telnet protocol (inline IAC ... commands, and 
escaping them in data, and a few other oddities), netcat (nc6 is an IPv6-capable
clone port) can do most of that.

sh-3.2$ nc6 www.google.com 80
nc6: using stream socket
HEAD / HTTP/1.0

HTTP/1.0 200 OK
Date: Fri, 05 Jul 2019 10:00:27 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2019-07-05-10; expires=Sun, 04-Aug-2019 10:00:27 GMT; 
path=/; domain=.google.com
Set-Cookie: 
NID=187=bRMcl4KM-EHmUPMGiVhwFhhjX3zFFzlJ7cB0iyJZ4zamsQ8q1vyxjJj9wp8G9XTFuB__2bBG9AOl5js8bowufSceDN_2J4yjQVHCtUhsM4lvm7rHs60u2q2DqN_8K4l7SAUHdpCGZ4PX6-RJ4fPJnpbItcpbUbiRO8sMyMAKFYI;
 expires=Sat, 04-Jan-2020 10:00:27 GMT; path=/; domain=.google.com; HttpOnly
Accept-Ranges: none
Vary: Accept-Encoding


> On Jul 5, 2019, at 05:53, Balthasar Indermuehle  wrote:
> 
> Telnet is a fantastic network service debugging tool, hence should always 
> remain included. Eg telnet xyz 80 to check if the web server is responding, 
> whether there’s a sensible response etc. 
> 
> But yes, using it as it’s original intent is hopefully not supported 
> anywhere. That’s what ssh is for these days. 
> 
> Cheers
> 
> Balthasar
> 
> On Fri, 5 Jul 2019 at 19:46, Richard L. Hamilton  > wrote:
> Oops, inetutils can provide at least most of the daemons, if one uses the 
> non-default +server option.
> 
> -- 
> 
> Dr Balthasar Indermühle
> Inside Systems Pty Ltd
> 17 Gottenham Street
> Glebe NSW 2037, Australia
> t: +61 4 2791 2856 <>
>

Re: telnet

2019-07-05 Thread Marius Schamschula 
Christoph,

You might be looking for the inetuils package.

Marius

> On Jul 5, 2019, at 10:56 AM, Christoph Kukulies  wrote:
> 
> I’m surprised there is no telnet under standard macOS. Is there a macport? 
> and if, what’s the package name?
> 
> Thank you
> 
> —
> Christoph
>

Re: telnet

2019-07-05 Thread Balthasar Indermuehle 
Telnet is a fantastic network service debugging tool, hence should always
remain included. Eg telnet xyz 80 to check if the web server is responding,
whether there’s a sensible response etc.

But yes, using it as it’s original intent is hopefully not supported
anywhere. That’s what ssh is for these days.

Cheers

Balthasar

On Fri, 5 Jul 2019 at 19:46, Richard L. Hamilton  wrote:

> Oops, inetutils can provide at least most of the daemons, if one uses the
> non-default +server option.
>
> --

Dr Balthasar Indermühle
Inside Systems Pty Ltd
17 Gottenham Street
Glebe NSW 2037, Australia
t: +61 4 2791 2856

Re: telnet

2019-07-05 Thread Richard L. Hamilton 
Oops, inetutils can provide at least most of the daemons, if one uses the 
non-default +server option.

Re: telnet

2019-07-05 Thread Richard L. Hamilton 
Mojave (I think it was) got a bunch of the ancient insecure (not encrypted) 
command line tools, including telnet and ftp (you can still do ftp via Finder).

The BSD r-commands also went away (earlier than Mojave, I think).

The following provides the GNU versions of those, not necessarily identical to 
the former macOS versions; all the commands have a "g" prefix
to make that clear.  Unfortunately, I don't see symlinks for them without the 
"g" prefix in /opt/local/libexec/gnubin. This only provides the
client commands, not the corresponding server daemons, although for at least an 
ftpd, there are multiple ports available.  For the rest, you're
arguably better off without them, but if you don't believe that, you may be 
able to find them in an older version of the macOS source;
for example, except for ftpd, in 
https://opensource.apple.com/source/remote_cmds/remote_cmds-54.50.1/ 
 with 
ftpd in
https://opensource.apple.com/source/lukemftpd/lukemftpd-51/ 
 Not everything 
there will work; in particular, I would not expect the yp*
commands to be useful, since that doesn't include whatever does the lookups.

sh-3.2$ port contents inetutils
Port inetutils contains:
  /opt/local/bin/gdnsdomainname
  /opt/local/bin/gftp
  /opt/local/bin/ghostname
  /opt/local/bin/gifconfig
  /opt/local/bin/glogger
  /opt/local/bin/gping
  /opt/local/bin/gping6
  /opt/local/bin/grcp
  /opt/local/bin/grexec
  /opt/local/bin/grlogin
  /opt/local/bin/grsh
  /opt/local/bin/gtalk
  /opt/local/bin/gtelnet
  /opt/local/bin/gtftp
  /opt/local/bin/gtraceroute
  /opt/local/bin/gwhois
  /opt/local/share/info/inetutils.info
  /opt/local/share/man/man1/gdnsdomainname.1.gz
  /opt/local/share/man/man1/gftp.1.gz
  /opt/local/share/man/man1/ghostname.1.gz
  /opt/local/share/man/man1/gifconfig.1.gz
  /opt/local/share/man/man1/glogger.1.gz
  /opt/local/share/man/man1/gping.1.gz
  /opt/local/share/man/man1/gping6.1.gz
  /opt/local/share/man/man1/grcp.1.gz
  /opt/local/share/man/man1/grexec.1.gz
  /opt/local/share/man/man1/grlogin.1.gz
  /opt/local/share/man/man1/grsh.1.gz
  /opt/local/share/man/man1/gtalk.1.gz
  /opt/local/share/man/man1/gtelnet.1.gz
  /opt/local/share/man/man1/gtftp.1.gz
  /opt/local/share/man/man1/gtraceroute.1.gz
  /opt/local/share/man/man1/gwhois.1.gz

If there's any way you can make it happen, IMO it's much better to get sshd 
(with sftp support) put on the other end that you want to communicate
with, rather than using the old and insecure protocols; not the least is that 
the maintenance state of older protocol implementations may not be
all that great, whether you use MacPorts or build them yourself; no guarantee 
that you'll keep up with vulnerability fixes, etc.


> On Jul 5, 2019, at 04:56, Christoph Kukulies  wrote:
> 
> I’m surprised there is no telnet under standard macOS. Is there a macport? 
> and if, what’s the package name?
> 
> Thank you
> 
> —
> Christoph
> 
>

Re: telnet

2019-07-05 Thread Dr M J Carter 
On Fri, Jul 05, 2019 at 10:56:28AM +0200, Christoph Kukulies wrote:

> I’m surprised there is no telnet under standard macOS.

I'm not: it, and FTP, are horribly insecure.  The corresponding
server-end daemons are (or should be) turned off on most sites in the
interests of self-defence, and replaced by use of SSH.

> Is there a macport? and if, what’s the package name?

$ port search telnet
inetutils @1.9.4_11 (net)
Inetutils is a collection of common network programs, including ftp, telnet,
rsh, rlogin, tftp and the corresponding daemons.

-- 
Dr Martin J Carter
Computer System Administrator
Astrophysics, University of Oxford

telnet

2019-07-05 Thread Christoph Kukulies 
I’m surprised there is no telnet under standard macOS. Is there a macport? and 
if, what’s the package name?

Thank you

—
Christoph