LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

A hole in telnetd

A hole in telnetd

Posted Jan 5, 2012 3:02 UTC (Thu) by smoogen (subscriber, #97)
Parent article: A hole in telnetd

Most of the devices I have seen that run telnetd are things like powerstrips, printers, and serial consoles. They usually don't have a lot of CPU/random noise and so require keys to be uploaded somehow for SSL/SSH to work properly. If they use the same or related telnetd.. then the fixes are going to be a LOT harder to get out.

2012 the year of the powerstrip worm.

(Log in to post comments)

A hole in telnetd

Posted Jan 5, 2012 16:28 UTC (Thu) by epa (subscriber, #39769) [Link]

ssh with a predictable host key is still better than telnet. Heck, even ssh without encryption (older versions supported a 'none' cipher) is better than telnet, though on any CPU made in the last 15 years encryption won't be much of a burden.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds