Dear Maintainers, Please consider enabling telnetd in the busybox package. A tiny and trivial patch to set the config is attached inline. A rebuild with that change seems to work fine. As much as I wish it wasn't the case, telnet is still widely used, especially in the ISP/telco world. Telcos networking engineers expect to be able to telnet into boxes in their network even today. Having telnetd available without having to rebuild busybox would be extremely handy when using Debian (or derivatives) in small boxes (eg: arm64) inside a telecommunication provider's network. Thanks! --- debian/config/pkg/deb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/config/pkg/deb b/debian/config/pkg/deb index 290205d99..73428dc5b 100644 --- a/debian/config/pkg/deb +++ b/debian/config/pkg/deb @@ -903,8 +903,8 @@ CONFIG_TELNET=y CONFIG_FEATURE_TELNET_TTYPE=y CONFIG_FEATURE_TELNET_AUTOLOGIN=y CONFIG_FEATURE_TELNET_WIDTH=y -# CONFIG_TELNETD is not set -# CONFIG_FEATURE_TELNETD_STANDALONE is not set +CONFIG_TELNETD=y +CONFIG_FEATURE_TELNETD_STANDALONE=y # CONFIG_FEATURE_TELNETD_INETD_WAIT is not set CONFIG_TFTP=y # CONFIG_TFTPD is not set -- 2.11.0
As much as I don't mind doing weird things in support of weird use cases, in this particular case I think that would be sending out the wrong message. We shouldn't do that, IMO, but rather encourage people to switch to SSH instead of telnet. It might make sense to add some documentation that explains why telnet isn't supported, however. As an aside, can you tell which telco's we are talking about?
I wish that could happen, I swear. Having to support it is just... "fun". :-( We tried. Everybody knows it's bad, insecure, generally horrible and all that. But at the very least until all the network operators trained by a certain network hardware vendor will retire demand for telnet is not going away, sadly. I wish I could do anything to change that. Right now it's an North American provider with a three characters name ;-) But I've yet to find one telco that doesn't demand telnet, unfortunately. They are not alone in that. Thanks!
As much as I don't mind doing weird things in support of weird use cases, in this particular case I think that would be sending out the wrong message. We shouldn't do that, IMO, but rather encourage people to switch to SSH instead of telnet. It might make sense to add some documentation that explains why telnet isn't supported, however. As an aside, can you tell which telco's we are talking about?
Busybox upstream does that in https://busybox.net/tinyutils.html Which has a pointer to http://matt.ucc.asn.au/dropbear/ Text from the homepage of dropbear Dropbear SSH Dropbear is a relatively small SSH server and client. It runs on a variety of POSIX-based platforms. Dropbear is open source software, distributed under a MIT-style license. Dropbear is particularly useful for "embedded"-type Linux (or other Unix) systems, such as wireless routers. That in other words: There is an alternative for telnetd There is NO need to keep sending clear text passwords ... Groeten Geert Stappers
Anything that makes it more work for you and hence gives more incentive for you to get the clueless people that want to keep using telnet to change is a good thing. Allowing telnet access ought to be made as difficult as possible. People have been saying to not use telnet for about 20 years now. They better have learned by now.
Anything that makes it more work for you and hence gives more incentive for you to get the clueless people that want to keep using telnet to change is a good thing. Allowing telnet access ought to be made as difficult as possible. People have been saying to not use telnet for about 20 years now. They better have learned by now.
LOL. you are aware that this would only cause (these) people to switch away from Debian, but not from telnet? also, I miss your removal requests for the telnetd and ftpd and (countless) other packages. to the original poster: what's wrong with installing telnetd? its only 103kb in size...
Again, I wish it could work like that. Sadly, it doesn't. More work for me just means more work for me, nothing else. The people that want telnet will keep using telnet, if not from Debian from a downstream fork or from a different distro or worse from a proprietary vendor. It's not that they haven't learned - it's just that they don't care.
I honestly believe they just haven't tried. As long as you indulge them, they will keep training new people with bad habits. It won't go away until you make it go away. Sometimes you really do have to tell people no. Well at least in a separate package you don't accidentally get it just by installing busybox.
Sorry, but that's just not the case. Honestly, I tried, may others have too, it's just not going to happen - either Debian provides it, or they'll go somewhere else (or ask for the services to be based on a different distro and so on). Well for small systems for starters - most tools provided by busybox are "just a few kb in size", but we still use it. More importantly in my case, busybox telnetd is really standalone and can do inetd work by itself, which is not the case for the standard telnetd. So it's not just a matter of footprint, but lack of feature too. Even if you install it, it won't do anything unless you enable it via an init script or by starting it manually. So there's no chance of using it by mistake.
that (eg: 2001 Dear Maintainers, Any chance this patch could be looked at? It would really help those of us in the networking world using Debian, and would make no difference for anybody else as there's no service/init script to start the daemon automatically. Thanks!
Hi Luca, It would be remiss of us to deliberately introduce support for a network protocol that has no realistic prospect of secure operation. We will not enable telnetd in any of the flavours of busybox that we currently package. I would encourage you to build your own busybox packages if you need this functionality, or to simply install one of the multiple available standalone telnetd packages available in Debian. That being said, a new flavour of busybox is under consideration that enables all possible feature flags (within reason). Given the goal of such a package, it would be entirely possible for telnetd to be included in it. There is no timeline for the introduction of such a package and every chance it might not happen, though. Best regards, Chris
Respectfully, telnetd has been enabled for busybox-stable since 2010, so you can install busybox-stable. Maybe this is an indication that busybox-stable needs to be audited, or that all 3 configurations should be audited to make sure something isn't missing that has no reason to be. (I have a few in mind already, but they deserve their own bugs) Best Regards, Jonathan Rubenstein
Pardon me, I need to proofread. I mean busybox-static. Best Regards, Jonathan Rubenstein