Page MenuHomePhabricator

Remove the telnet service and make sure old configs that use it still load
Closed, ResolvedPublicBUG

Description

I tried to enable telnet service but it failed (yes there are some kind of nostalgic men that still use telnet ;-)

ie:
set service telnet
commit
[ service telnet ]
telnetd: applet not found

This seems because busybox doesn't have compiled telnetd applet.

/bin/busybox telnetd
telnetd: applet not found

Tested on:
vyos-999.201710022137-amd64.iso

Thanks.

Details

Difficulty level
Normal (likely a few hours)
Version
1.2.0
Why the issue appeared?
Issues in third-party code
elbuit created this task.Oct 7 2017, 7:02 PM
c-po added a subscriber: c-po.Oct 9 2017, 2:29 AM

As VyOS fully re-uses Debian packages it is not possible to enable any given applet inside Busybox. To get this enabled, VyOS has to maintain a forked version of the Debian busybox packages which makes life only harder.

If this service is really required, we should instead think of replacing it by https://packages.debian.org/jessie/telnetd or https://packages.debian.org/jessie/inetutils-telnetd.

Well, may be we just have to either:

  1. Add dependency on telnetd and patch vyatta-cfg-system to work with telnetd, is one is supplied.
  2. Remove CLI option "service telnet"

Who votes for which option?
I am for '2' as telnet server is an insecure ancient stuff.

c-po added a comment.Oct 9 2017, 2:58 PM

+1 for removal

elbuit added a comment.Oct 9 2017, 3:08 PM

Well, I think that if someone has a system with only telnet as a remote access method, it could be anoying to update and realize that you have lost any chance to remote access.
I vote to maintain or add a script that convert telnet to ssh configuration.

By the way, is busybox used in other place than telnetd in vyos? Perhaps busybox package can be removed.

syncer added a subscriber: syncer.EditedOct 9 2017, 3:54 PM

+1 for removal of telnet

c-po added a comment.Oct 10 2017, 2:33 AM

BusyBox is a multi-call binary. A multi-call binary is an executable program that performs the same job as more than one utility program. That means there is just a single BusyBox binary, but that single binary acts like a large number of utilities. This allows BusyBox to be smaller since all the built-in utility programs (we call them applets) can share code for many common operations.

If you just enter "busybox" on your VyOS machine, you will see all associated binaries to this one. Just to name a few: acpid, arp, arping, awk, basename, bzip2, cat, chmod, ping, traceroute .....

So VyOS is heavily dependant on this one, no need to remove.

c-po claimed this task.Dec 9 2017, 2:54 PM

After removal of telnet configuration nodes/scripts and upgrading from VyOS 1.1.8 with telnet enabled worked.

c-po closed this task as Resolved.Dec 9 2017, 2:56 PM
c-po changed Why the issue appeared? from Will be filled on close to Issues in third-party code.

@c-po

So VyOS is heavily dependant on this one, no need to remove.

This is not just wrong, but, as anyone who tried to go beyond the native CLI on EdgeOS can attest, almost slanderous. ;)
VyOS uses real coreutils (ip-utils-ng etc.) for those ones. Some VyOS packages list busybox but I believe it's a legacy. The only thing that probably truly depends on it is initramfs-tools, but with image upgrades, I think having initramfs-tools in VyOS is an artifact that is not needed.

dmbaturin renamed this task from Service telnet doesn't start to Remove the telnet service and make sure old configs that use it still load.Oct 3 2018, 2:00 PM
dmbaturin edited projects, added VyOS 1.2.x (VyOS 1.2.0-rc1); removed VyOS 1.2.x.