root login with telnetd

Beech Rintoul beech at
Sun Mar 11 09:03:37 UTC 2007

On Saturday 10 March 2007 22:14, Wojciech Puchar said:
> >> with sshd and rshd it can be set, with telnetd - no success.
> >
> > That is a REALLY BAD idea. Why don't you just publish your
> > address and set the root password to nothing. It's only going to
> > take a cracker a couple of minutes or less to own your server
> > once they find you (and they will).
> another stupid one not answering the question.
> could you describe how you get my password in a couple of minutes
> if you are so intelligent?

There are and have been many known exploits through telnet. The most 
recent one a couple of weeks ago affects SunOS where you can, using 
telnet, get root privileges without even logging in as root. Telnet 
does everything in clear text including passwords. All that's needed 
is to get in and install some network sniffing and the first time 
root logs in they would have the password. For a valid normal user on 
the LAN, it would be even easier.

If you're looking for ease of login look into ssh and keys, that way 
you don't even need a password. Details are in the handbook. Even 
works from windows.

I don't know anyone that still uses telnet except for testing on a 
totally closed network. An ISP I worked for disabled it and 
firewalled the port more than five years ago.

Beech Rintoul - Port Maintainer - beech at
/"\   ASCII Ribbon Campaign  | FreeBSD Since 4.x
\ / - NO HTML/RTF in e-mail   |
 X  - NO Word docs in e-mail | Latest Release:
/ \  -

More information about the freebsd-questions mailing list