Quarrel 19 hours ago

What an amazing bug. I probably spent my first 10 years on the internet just using telnet. They were wild times. You could log ethernet traffic and see passwords. Towards the end of those we started to have a few more single-user machines, but the vast majority were old school many many user machines, where "root" was thought to be tightly restricted (of course, even then, in practice it wasn't if you were in the know).

Anyway, just wild seeing this:

> telnet -l 'root -f' server.test

or

> USER='-f root' telnet -a server.test

Survive 11 years.

anitil 18 hours ago

The more I work in software, the more amazed I am that anything works at all. There's likely so much low-hanging fruit out there.

Telemakhos 18 hours ago

I never sent root over telnet, but I spent too much vacation time browsing the web via lynx on my school AIX account from a library near my parents' home, because it had a telnet client in addition to the card catalogue program on the otherwise locked down desktop. It was just a more innocent time: you didn't assume your traffic was being logged six ways to Sunday. With telnet access to my AIX account, I could do all the internet things, like mail (pine) and the web (lynx) and irc, from a convenient command line anywhere in the world.

qingcharles 10 hours ago

When did we all stop using telnet? I can't even remember. Most of my first 10-15 years was using telnet. One day I used telnet to connect to a shell for the last time and didn't know it. I had a ton of servers all with root telnet access Internet facing. Never hacked once, somehow. Those were the days.

roryirvine 4 hours ago

In the Linux / BSD world, SSH took off incredibly fast for the time. I'd estimate that maybe 80% of people had moved to it within the first year of its release.

But adoption stalled when the original SSH moved to a commercial license in 1996-ish - many of us stuck with the last free version, but vulnerabilities started to pile up. There were various half-working alternatives, but it wasn't until OpenSSH came out in 1999 that the remaining telnet holdouts started to move across.

icedchai 3 hours ago

It was 1996 for me. I forget where the original SSH (SSH1 protocol) came from, but I do remember compiling it on a Slackware box around that time.

RupertSalt 8 hours ago

I worked for an ISP in the mid-90s and had been on the Internet since 1989 or so. I recall the progression for me was something like this:

We used telnet in college no problem. It was a fairly well-accepted method of remote access. The heterogeneous network had many different modes, but a major dialup point was the Annex box, which supported telnet into the Unix or VMS machines.

Between Unix machines, we would often prefer "rlogin" instead. There were several horrific iterations of other remote-access protocols such as "remsh". rlogin was notorious for its "/etc/hosts.equiv" authorization method which trusted DNS and should've been perceived as Swiss Cheese from the outset. rlogin was, IIRC, directly related to rsh and rcp and used the same frameworks. rlogin was no more secure than telnet, but probably less secure because of its conveniences.

We also used port 23/tcp for remote management, for example Cisco routers. They weren't running telnetd, but it was the port where you connected remotely and logged in with or without credentials.

rlogin persisted alongside telnet, until encryption came into fashion and ssh was distributed. Once ssh was available and working well, everyone knew that telnetd and rlogind were on borrowed time. The services were shut down and disabled in inetd. The ports were sometimes blocked. Security advisories went out.

I suppose it took a long, long time for ssh to finally dominate, and for people to abandon telnetd mostly, but it was fairly thorough. We all recognized the superiority of sshd's authentication and encrypted channels.

There were mitigations for people to extend their legacy use of telnetd and rlogind. For example, tcp wrappers and fail2ban could be implemented. Firewall filters could select only authorized networks. VPNs could tunnel through an Intranet that still used them. So, the services lived on wherever they didn't need to be exposed on the public Internet. But I think most Unix admins got the picture by the end of the dot-com bubble.

Quarrel 7 hours ago

> /etc/hosts.equiv

Ah, the memories.

cat '+ +' >> /etc/hosts.equiv

RupertSalt 7 hours ago

Ah, I have no memory of such a command, so I must be getting old!
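
Added example, not part of the thread or written by any of its participants: a small audit that flags the wildcard trust entries in `/etc/hosts.equiv` or `.rhosts` content discussed above. The sample file contents, the function name and the severity labels are constructed for illustration.

```python
from typing import List, Tuple

# Constructed sample contents, not taken from a real system.
SAMPLE = """\
# trusted build hosts
buildhost.example.test
admin.example.test alice
+ +
+@ops bob
-badhost.example.test
db.example.test +
"""


def audit_trust_file(text: str) -> List[Tuple[int, str, str]]:
    """Return (line number, severity, reason) for risky trust entries."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else ""
        if host.startswith("-"):
            continue  # explicit deny entry, not a grant
        if host == "+" and user == "+":
            findings.append((lineno, "critical", "any user from any host is trusted"))
        elif host == "+":
            findings.append((lineno, "critical", "every remote host is trusted"))
        elif user == "+":
            findings.append((lineno, "high", "every user on this host is trusted"))
        elif host.startswith("+@") or user.startswith("+@"):
            findings.append((lineno, "review", "trust granted to a whole netgroup"))
    return findings


if __name__ == "__main__":
    for lineno, severity, reason in audit_trust_file(SAMPLE):
        print(f"line {lineno}: [{severity}] {reason}")
```
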

mlyle 14 hours ago

It's hilarious, especially given that I have memories of similar rlogin vulnerabilities -- various unixes being vulnerable to rlogin -l '-froot' in the 90s.

wellf 11 hours ago

Never used telnet to log in to something but it is a cool debugging tool, so used it for that. E.g. can this container even send traffic to that container at all.

itintheory 6 hours ago

I'm a fan of 'nc' / netcat for this purpose. It's small, quick, and can send or receive over TCP or UDP.