Merry Christmas from FreeBSD

Telnet is not as rare as we may think.

I recently encountered a couple of relatively important companies (which shall remain unnamed, sadly) selling and using Linux software, who to my utter shock were using Telnet pervasively and were mostly unaware of ssh. Perhaps this isn't surprising given that they also (ab)used VNC for remote access to Linux workstations.

This is not exactly related to FreeBSD, but here goes: Linux has gained a lot of ground, especially in the embedded arena, but with that also comes a lot of incompetence, and it is staggering. It is a far cry from what we might imagine on LWN. Merging with the mainline kernel - pfffft - nobody is even aware of a "mainline" or even "kernel". GPL - never heard of it. Some people actually do believe that you do not have to follow the GPL if you pay some amount of money to "Linux". WTF? It is all a disgusting mess of binary drivers and GPL violations.

Lastly, nobody actually uses Linux for development. Embedded software is developed on Windows with Visual Studio (not even Cygwin - nobody has heard of Cygwin) and only occasionally tested on Linux (in a VM of-course - Linux on actual hardware is scary). Binaries, shared libs, configuration files and even logs are all stored in the same directory in true Windows fashion. Of course shared libs exist multiple times (.so, .so.1, .so.1.2, etc) because nobody knows about symbolic links and they copied the files with Windows Explorer.

I am truly depressed. I hope I have observed an exception, but I doubt it.

On the bright side, it means more job security LWN readers :-)

I think the most scary issue here is if all the juniper routers/firewalls running junos (based on freebsd) is also vulnerable. For some reason network admins seems to still use telnet a lot.. Also NetApp, Isilons and many more devices based on freebsd might be vulnerable. So this hole could be big.

A couple years ago I tried to nmap the whole Net for the open telnet ports. I found around 10 million devices which is a bit scary, since quite a good percent of them were Cisco/Juniper routers.

The FreeBSD-guys use *CVS* to manage their files ?

I'd say that's almost as bad as having a telenetd open to the intertubes. Both are practices that are atleast a decade overdue for a upgrade.

If you can't get people to switch for security reasons, you'd think you'd be able to get them to switch for usability reasons. Telnet is painful in the extreme to use for anything but live, interactive sessions. Bah. Ssh is so much simpler to use, and has so many more capabilities, that it's a no-brainer even leaving security aside (which, of course, should be enough for everyone anyway).

I've had quite a recent situation where telnet did the job and ssh didn't:
Connecting to a newly-imaged board as part of the programming process.

You can do it for one board with ssh using a pre-generated key in the image, but then each subseqent board generates a 'Help the other end of the connection has changed - refusing to connect'. So far as I could tell there is no way to tell ssh not to do that, so it was entirely useless.

Telnet just worked, and in this case was being used on an internal wired network, firewalled by the programming machine so the use of cleartext logins really didn't matter.

And telnet is still a really useful testing tool for checking out if a port/service does what you expect. Sometimes nc will do instead but telnet is generally more convenient.