From owner-freebsd-questions Mon Jun 14 15:37:46 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from ralf.serv.net (a.serv.net [207.207.72.1])
    by hub.freebsd.org (Postfix) with ESMTP id 7687414C92
    for ; Mon, 14 Jun 1999 15:37:43 -0700 (PDT)
    (envelope-from mcglk@serv.net)
Received: (from mcglk@localhost)
    by ralf.serv.net (8.9.3/8.9.3) id PAA94087;
    Mon, 14 Jun 1999 15:42:42 -0700 (PDT)
    (envelope-from mcglk@serv.net)
X-Authentication-Warning: ralf.serv.net: mcglk set sender to mcglk@serv.net using -f
From: Ken McGlothlen
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14181.34146.537092.357907@ralf.serv.net>
Date: Mon, 14 Jun 1999 15:42:42 -0700 (PDT)
To: questions@freebsd.org
Subject: Trying to use telnetd.
X-Mailer: VM 6.72 under Emacs 20.3.1
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I have a friend who, for various reasons, wishes to telnet to a
BSD-compliant Unix box (my newly updated FreeBSD 3.2-RELEASE system).
I have a DSL line, and he's a very low bandwidth user, so I'm all for
this.

His main problem is that the firewall where he works doesn't permit
access to port 23 (the normal telnet port), but does permit traffic to
port 8080.

Under 2.2.1-RELEASE, though (yes, it had been a long time since my last
upgrade), all he had to do was call me up, I'd su to root and run

    /usr/libexec/telnetd -debug 8080

and then he'd telnet to my machine, port 8080, and be on. Even better,
it turned out that only one login was permitted at the port, so it was
a fairly nice on-demand moderately secure way of getting him in.

Unfortunately, this no longer seems to work. What happens is that when
I set up the telnetd, this happens at the login:

    $ telnet localhost 8080

    FreeBSD/i386 (unka.dunka.doo) (ttypi)

    login: -h option: Operation not permitted
    Connection closed by foreign host.
    $ _

What -h option? Is it login's, or telnetd's?
Is that "login:" the prompt, or part of the error message?

Well, telnetd has an -h option. It says

    -h      Disable the printing of host-specific information before
            login has been completed.

Which seems like it would omit the "FreeBSD/i386..." line. So we try
it:

    /usr/libexec/telnetd -h -debug 8080

And then:

    $ telnet localhost 8080
    login:
    Connection closed by foreign host.
    $ _

Well, that seems about right. Perhaps it's the -h option in login(1):

    -h      The -h option specifies the host from which the connection
            was received. It is used by various daemons such as
            telnetd(8). This option may only be used by the super-user.

I didn't specify that, obviously, and assume that telnetd supplied it.
So how do I get telnetd *not* to supply that? With, presumably, the -p
option to telnetd:

    -p loginprog
            Specify an alternate login(1) command to run to complete
            the login. The alternate command must understand the same
            command arguments as the standard login.

So let's try that:

    /usr/libexec/telnetd -p /usr/bin/login -debug 8080

And here's what we get:

    $ telnet localhost 8080

    FreeBSD/i386 (unka.dunka.doo) (ttypi)

    login: -h option: Operation not permitted
    Connection closed by foreign host.
    $ _

Same thing, in other words.

On the off-chance that this was being caused by /etc/login.access, I
renamed the login.access file (which I wasn't using yet), to no avail.

So how *do* I permit a telnet login to occur at port 8080?

                                ---Ken


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message