Enabling ftp and Telnet into a YDL box

Longman, Bill longman at sharplabs.com
Mon Oct 4 12:51:24 MDT 2004


> > Just a note on telnet - ditch it unless you absolutely need it. Use ssh
> > instead. I don't really know the nuts and bolts, but I've read enough
> > from folks that do who all say telnet is rife with security problems.
> >
> > g'luck
>
>
> yeah the app itself is fine, it's the protocol that is unsecure, it sends
> everything as clear text across the network, so anyone snooping your
> network would be able to see passwords etc...

Yes, the data is easily visible to anyone on your IP network. But some
devices (dumb hubs or even most Cisco routers) only talk telnet, so you
still might need it. Lots of Linux folks forget this and start screaming
bloody murder about using telnet. And the other uber-useful thing about
telnet is debugging TCP connections:

  telnet somehost someport

will tell you if "someport" is open on "somehost".

If the mail server at the lab is down, I can debug it from home like this:

 telnet sharplabs.com smtp

The ensuing text gives me lots of information:
longman at home$ telnet sharplabs.com smtp
Trying 216.65.151.107...
Connected to sharplabs.com (216.65.151.107).
Escape character is '^]'.
220 sharplabs.com ESMTP Sendmail 8.13.1/8.13.1; Mon, 4 Oct 2004 11:33:43 -0700 (PDT)
quit
221 2.0.0 sharplabs.com closing connection
Connection closed by foreign host.

The very first line tells me several things. First, it tells me that DNS at
my home machine is working correctly because it gave me the IP address
(Aside: this example works because I know my DNS returns my mailserver as my
domain. Other domains will vary. You'd typically use this against a specific
*server* not a domain, but if I'm trying to debug mail, I'll start at the
domain and work toward the server that is causing the trouble.). It doesn't
tell me how it got that address (could be cached), but it got one.

The second line tells me more: TCP/IP is working all the way from the sharp
labs mail server to my house. In terms of a TCP connection, my client sent a
SYN packet and the mail server complied with an ACK and we've agreed on a
session. If that's all I wanted to check, I could quit here with a Ctrl-]
and I'd see the generic "telnet>" prompt. You jump back to your local
machine from there and you can give your telnet session different parameters
or send control messages to the other side using this technique. Or you can
type "quit" and drop the session, which is usually the only reason you use
^]!

The fourth line tells me that the mail server on the other end is working.
Now it's time to talk SMTP. The server is asking for a HELO message at this
point. Now you can debug the protocol with the commands for that session. I
chose the SMTP "QUIT" command and the server obliged by closing the session.

If you can do this with OpenSSH, I'd surely email you several cases of
frothy beverages.
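
The staged check walked through in the message above (DNS, TCP connect, SMTP greeting, QUIT), as an added example that is not part of the original post. The function names and the local stand-in listener with its `mail.example.test` greeting are constructed for illustration, and the reply reader also handles multi-line `220-` greetings, which goes beyond the single-line banner shown in the session.

```python
import socket
import threading

def read_reply(reader):
    """Read one SMTP reply: 'NNN-text' lines continue, 'NNN text' ends it."""
    lines = []
    while True:
        line = reader.readline().decode("ascii", "replace").rstrip("\r\n")
        if line:
            lines.append(line)
        if line[3:4] != "-":              # final line, or peer closed
            return lines

def check_smtp(host, port=25, timeout=5.0):
    """Repeat the manual telnet check; failed_at names the first stage that fails."""
    r = {"address": None, "banner": None, "quit_reply": None, "failed_at": "dns"}
    try:
        # Stage 1: DNS, the "Trying a.b.c.d..." line (first address only).
        info = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
        r["address"] = info[0][4][0]
        r["failed_at"] = "tcp"            # Stage 2: the "Connected to" line.
        sock = socket.create_connection((r["address"], port), timeout=timeout)
        with sock, sock.makefile("rb") as reader:
            r["failed_at"] = "banner"     # Stage 3: the 220 greeting.
            r["banner"] = read_reply(reader)
            if r["banner"] and r["banner"][-1].startswith("220"):
                r["failed_at"] = "smtp"   # Stage 4: send QUIT, expect 221.
                sock.sendall(b"QUIT\r\n")
                r["quit_reply"] = read_reply(reader)
                if r["quit_reply"] and r["quit_reply"][-1].startswith("221"):
                    r["failed_at"] = None
    except OSError:                       # resolver error, refusal, timeout, reset
        pass
    return r

def fake_smtp_server():
    """Constructed local listener standing in for a mail server; returns its port."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            conn.sendall(b"220-mail.example.test ESMTP\r\n220 ready\r\n")
            conn.recv(64)                 # the client's QUIT
            conn.sendall(b"221 2.0.0 closing connection\r\n")
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print(check_smtp("127.0.0.1", fake_smtp_server()))
```

A `failed_at` of `None` means all four stages passed; any other value names the stage to investigate first.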

