Goodbye kerberized telnetd?
by camerabambai from LinuxQuestions.org on (#5D571)
I have configured the krb5-appl on Linux server(samba DC).
The server is configured to refuse cbc(obsolete and removed from krb5 server)
and accept only aes-256 which is secure.
The telnet doesn't work anymore
Code:telnet samba5
Trying 10.3.0.4...
Connected to samba5.myhome.priv.
Escape character is '^]'.
Unencrypted connection refused. Goodbye.
>>>TELNETD: I will support DES_CFB64
>>>TELNETD: I will support DES_OFB64
>>>TELNETD: in encrypt_wait
Connection to samba5.myhome.priv closed by foreign host.Ftp works fine, the client is Solaris, but also Linux clients using kftp works.
Code:ftp -a samba5
Connected to samba5.myhome.priv.
220 samba5.myhome.priv FTP server (Version 5.60) ready.
334 Using authentication type GSSAPI; ADAT must follow
GSSAPI accepted as authentication type
GSSAPI authentication succeeded
232 GSSAPI user pino@MYHOME.PRIV is authorized as pino
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>The question is really simple: kerberized telnet is a thing of the past?
Why kftpd support AES256 and telnetd not?They developed a ftpd server to support new encryption, and forgot the telnetd?
p.s=I know ssh can replace telnet
The server is configured to refuse cbc(obsolete and removed from krb5 server)
and accept only aes-256 which is secure.
The telnet doesn't work anymore
Code:telnet samba5
Trying 10.3.0.4...
Connected to samba5.myhome.priv.
Escape character is '^]'.
Unencrypted connection refused. Goodbye.
>>>TELNETD: I will support DES_CFB64
>>>TELNETD: I will support DES_OFB64
>>>TELNETD: in encrypt_wait
Connection to samba5.myhome.priv closed by foreign host.Ftp works fine, the client is Solaris, but also Linux clients using kftp works.
Code:ftp -a samba5
Connected to samba5.myhome.priv.
220 samba5.myhome.priv FTP server (Version 5.60) ready.
334 Using authentication type GSSAPI; ADAT must follow
GSSAPI accepted as authentication type
GSSAPI authentication succeeded
232 GSSAPI user pino@MYHOME.PRIV is authorized as pino
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>The question is really simple: kerberized telnet is a thing of the past?
Why kftpd support AES256 and telnetd not?They developed a ftpd server to support new encryption, and forgot the telnetd?
p.s=I know ssh can replace telnet