(no subject)

[theweaselking]

Why the hell is "telnet" not included in the default load of programs in Server 2008?

Not "telnet server", not "receiving incoming telnet sessions", I mean the telnet CLIENT.

Comments

[kierthos.livejournal.com]

Why?

Contempt for society.

[sebkha.livejournal.com]

Security, perhaps? There's not much you can use telnet for without revealing a password to the rest of the network.

[elffin.livejournal.com]

I believe the phrase you need to understand as spoken by the executive that made the decision in question is "DUH, I EAT ____".

[sola.livejournal.com]

Erm. Isn't that a bit like buying a coat and finding out it doesn't come with sleeves?

[theweaselking.livejournal.com]

My main use of telnet is to see if a port is open and to see the banner of the service that's listening on the far side. That involves no passwords.

Bonus: You can *install* the telnet client, manually. From the "server features" menu.

[theweaselking.livejournal.com]

More like discovering that they've sewn shut one of the pockets.

[xomox.livejournal.com]

Microsoft doesn't have the resources to continue support for such a complex utility.

[sanityimpaired.livejournal.com]

That's a clever use of telnet, but isn't what it was designed for so I doubt they took it into account when making the decision.

Which doesn't mean it's not foolish of them, just that I can understand their foolishness.

[ronebofh.livejournal.com]

I've run into the same problem.... on Linux. The reason given? Security through obscurity. People are dumb.

[theweaselking.livejournal.com]

Which linux? Ubuntu, at least, hasn't done that as of 8.04

[endotoxin.livejournal.com]

I've seen the same with whois, dig, traceroute, and even ping.

[mhoye.livejournal.com]

Microsoft has a long, storied history of not letting you do stuff because somebody decided it _might_ constitute a security risk if you did it wrong. With their track record, it's laughable, but it's consistent. See also "why can't I run-as a batch file."

[mhoye.livejournal.com]

I've only seen that in distros that are trying to squeeze out every drop of data they can, with ruthless minimalism in mind.

[theweaselking.livejournal.com]

I can't fucking run-as from a command line in XP. How stupid is that?

[mhoye.livejournal.com]

I would _kill a man_ for a real sudo in windows. In a second.

[kierthos.livejournal.com]

I had a shirt like that once.

[squizzlzilla.livejournal.com]

because the microsoft telnet client is a pile of foetid dung, and you should download teraterm or something.

[ismarc.livejournal.com]

Telent is largely considered depreciated since it passes all info unencrypted. All auth credentials are passed in plaintext and easily sniffable.

SSH is prettymuch the defacto replacement, which is basically a telnet session with the encryption goodies (i.e. blowfish, DES/3DES, Arcfour, yadda yadda)

I guess this is their way of "encouraging" migration to more secure tools. Doesn't matter anyway since puTTY is sooooo much cooler.

Kinda sad though, considering I cut my teeth on good ole telnet.

[squizzlzilla.livejournal.com]

or PuTTY.

[theweaselking.livejournal.com]

Why would I want a new program on my lovely clean server? All I really want is the ability to open a connection to the port of my choice and see what answers. That's what "telnet" does.

Grrr. Easy to enable, but the fact that I have to do it annoys me.

[ismarc.livejournal.com]

http://sourceforge.net/projects/sudowin

Now. About the soon to be deceased...

[squizzlzilla.livejournal.com]

i would argue that if you have installed a microsoft product, it's not a 'lovely clean server' but i digress, and also that might be considered trolling.

[theweaselking.livejournal.com]

It sure as hell wasn't my first choice. However, when you have a web application that requires the MS office interop assemblies and COM objects, there aren't a lot of other options.

[drjamez.livejournal.com]

Under XP, does the native Runas.exe command not work for you? (Maybe it's not included in XP Home?)

http://technet.microsoft.com/en-us/library/bb490994.aspx

- James -

[ronebofh.livejournal.com]

CentOS. It's not stock, though, it was someone's clever idea of taking out packages that aren't absolutely needed.

[theweaselking.livejournal.com]

Let me clarify: I can't use runas from *within a script*, because it won't let me specify a fucking password on the command line and because even calling it as an admin still requires a password to run as a less-privileged user for some stupid reason. Making it useless.

[theweaselking.livejournal.com]

PS: It might not be in XP home. I have no idea. I don't use XP home.

[drjamez.livejournal.com]

Gotcha.

Here is a list of alternatives, if you're still interested, to get runas functionality from within a script.

http://www.commandline.co.uk/sanur/

- James -

[jsbowden.livejournal.com]

Ssh is not a replacement telnet. It replaces rsh/rlogin. Telnet can be kerberized, overcoming its lack of encryption for credentials, but it will still pass unencrypted traffic over the network.

Oh, and when Cisco releases an IOS update for all their routers still in use with SSH support, I'll consider getting rid of telnet, but even then, I've still got networking gear that either requires a serial console or only speaks telnet.

[theweaselking.livejournal.com]

No, I worked around the problem by installing Linux instead.

[theweaselking.livejournal.com]

Sure, but without telnet, how can I open a connection on a specific port and see that yes, the banner really does say ESMTP, it does accept an EHLO, and that STARTTLS is an option?

Or, in the case that prompted this specific rant today, how else am I supposed to determine if the rsync server really IS picking up the phone on 873 the way it says it is?

(It wasn't. This was most of the problem - but I figured "telnet localhost 873" would be a perfectly sensible way to find out!)

[theweaselking.livejournal.com]

PS: could install PuTTY and use it's telnet client.

Could install teraterm, too.

But the problem with those is that they are *extra applications*, and telnet is *core OS functionality, dammit*.

[drjamez.livejournal.com]

That is the best solution. Feel lucky that your company allows such an option - some of us are allowed to use specific flavors of Linux in certain ways, but not all ways.

- James -

[zastrazzi.livejournal.com]

"But the problem with those is that they are *extra applications*, and telnet is *core OS functionality"

Well, not really or the OS wouldn't function with it missing ;) It's definitely a utility fairly common to basic testing though, and I use it in exactly the same way when testing a mail server. Confirming the open port, banner check, sending mail via that telnet session so I can see the errors without having to install/use wireshark.

Off the original topic, but on topic for the segue, netcat/nc is a damned handy tool that allows you to test both tcp and udp connection - worth playing with if you haven't already.

[dglenn.livejournal.com]

In addition to laming out and using telnet instead of downloading and installing PuTTY, I've also used it to a) connect to machines that didn't have sshd installed (using SKey instead of a password in the clear helps...), b) troubleshoot mail and web weirdness by telnetting to port 25 or port 80, c) connect via telnet from a machine that didn't have an IRC client to a service that had an IRC gateway hooked to its incoming telnet port instead of a shell login (okay, not recently), d) connect shell scripts and cron jobs between machines on a single LAN where I was sure no outsiders could be sniffing (though I tend to use rlogin more often than telnet for this).

Eventually I'll figure out how to do (d) with ssh, maybe. As for (c), once upon a time there were several wee informational services connected to port 23 on machines around the net (also on port 79, 'finger') where you didn't enter a password and login; just telnetted to the port and got a message (such as a weather forecast), or a prompt for some database query. I don't know whether any of those are still around -- they may have all been replaced by HTTP-based versions by now.

Note that troubleshooting by using telnet to connect to the mail or web port is often useful when you're telnetting back to the same box your telnetting from.

Once in a whie I even find it useful o telnet to 127.0.0.1 and log in, when I'm getting some sort of weirdness from environment variables using su or just invoking a subshell. I'm not all that worried about password sniffing when telnetting to the loopback address, especially when I'm the only user on the box. Though admittedly that case doesn't come up very often in Windows.

For that matter, I've used telnet to troubleshoot odd routing and ipconfig glitches. Using telnet instead of ssh removes one layer of potential glitch-source during low-level troubleshooting.

I find telnet a very useful tool to have around, even in the age of ssh.

[theweaselking.livejournal.com]

PuTTY can do telnet.

It's just... an extra application. Yick.

[dglenn.livejournal.com]

Ah, I hadn't noticed because every box I've installed PuTTY on has already had one or two plain telnet clients. Good to know. But, like you, I feel that basic telnet should be supplied with the OS right out of the box.

[dglenn.livejournal.com]

Ah. The only examples of squeeze-every-drop Linux I've used have been targetted at emergency-troubleshooting (boot from floppy or thumbdrive) distros, so they included traceroute and ping.

[theweaselking.livejournal.com]

Take a look at some of the embedded distros sometime. They're *neat*.

[ismarc.livejournal.com]

LOL! I was wondering who was going to be first with the obligatory "it is not" remark regarding telnet/ssh/rsh. You win!

Fair enough but I really didn't want to delve into the sordid and incestuous history of ARPnet and friends. Such details would be for "How Networks Give Us Headaches 102". I'm trying to keep things to an elementary level for our current class of "Why Networks Suck 101".

[ismarc.livejournal.com]

For future reference you might consider just slapping Cygwin in there if you are using a MS box. Just be sure to select the telnet package at installation since, if I remember correctly, telnet is not installed by default.

[quotation.livejournal.com]

Once you have telnet installed, be sure to connect to towel.blinkenlights.nl