Date:      Mon, 14 Jun 1999 15:42:42 -0700 (PDT)
From:      Ken McGlothlen <mcglk@serv.net>
To:        questions@freebsd.org
Subject:   Trying to use telnetd.
Message-ID:  <14181.34146.537092.357907@ralf.serv.net>

I have a friend who, for various reasons, wishes to telnet to a BSD-compliant
Unix box (my newly updated FreeBSD 3.2-RELEASE system).  I have a DSL line, and
he's a very low bandwidth user, so I'm all for this.

His main problem is that the firewall where he works doesn't permit access to
port 23 (the normal telnet port), but does permit traffic to port 8080.  Under
2.2.1-RELEASE, though (yes, it had been a long time since my last upgrade), all
he had to do was call me up, I'd su to root and run

	/usr/libexec/telnetd -debug 8080

and then he'd telnet to my machine, port 8080, and be on.  Even better, it
turned out that only one login was permitted at the port, so it was a fairly
nice on-demand moderately secure way of getting him in.

Unfortunately, this no longer seems to work.  What happens is that when I set
up the telnetd, this happens at the login:

	$ telnet localhost 8080

	FreeBSD/i386 (unka.dunka.doo) (ttypi)

	login: -h option: Operation not permitted
	Connection closed by foreign host.
	$ _

What -h option?  Is it login's, or telnetd's?  Is that "login:" the prompt, or
part of the error message?

Well, telnetd has an -h option.  It says

	-h	Disable the printing of host-specific information before login
		has been completed.

Which seems like it would omit the "FreeBSD/i386..." line.  So we try it:

	/usr/libexec/telnetd -h -debug 8080

And then:

	$ telnet localhost 8080
	login: Connection closed by foreign host.
	$ _

Well, that seems about right.  Perhaps it's the -h option in login(1):

	-h	The -h option specifies the host from which the connection was
		received.  It is used by various daemons such as telnetd(8).
		This option may only be used by the super-user.

I didn't specify that, obviously, and assume that telnetd supplied it.  So how
do I get telnetd *not* to supply that?  With, presumably, the -p option to
telnetd:

	-p loginprog
		Specify an alternate login(1) command to run to complete the
		login.  The alternate command must understand the same command
		arguments as the standard login.

So let's try that:

	/usr/libexec/telnetd -p /usr/bin/login -debug 8080

And here's what we get:

	$ telnet localhost 8080

	FreeBSD/i386 (unka.dunka.doo) (ttypi)

	login: -h option: Operation not permitted
	Connection closed by foreign host.
	$ _

Same thing, in other words.

On the off-chance that this was being caused by /etc/login.access, I renamed
the login.access file (which I wasn't using yet), to no avail.

So how *do* I permit a telnet login to occur at port 8080?

							---Ken

