+++ Monday 23 June 2025 +++


Setting up telnetd on FreeBSD
=============================

It is that time of the year again.

We all get itchy, and can't wait for the new edition of the
Old Computer Challenge to start.

This is reflected in the kind of messages on the IRC
channel. People start talking about the wonderful hardware
they might use for the challenge.

Encryption is always a problem
------------------------------
No matter what hardware or OS, when it is dated, encryption
will be a problem.

One encounter this problem, when connecting to almost any
website, almost any Jabber provider, and so on.

Another problem is connecting to local services in your own
network. The old OS either doesn't come with ssh, or with
an ssh that only supports outdated ciphers.

Andreas did encounter this problem too, and setup a
brilliant old-ssh to modern-ssh gateway [1].
This is a great solution.

I wanted to try another way, and that is a telnetd-to-ssh
gateway. Most old OS'es have a telnet client, so this
should be a nice general solution.

Telnetd on FreeBSD 14
---------------------
A FreeBSD jail is a great solution for a telnetd-to-ssh
gateway. It is easy to setup, and can be started and
stopped when needed.

Setting up telnetd in a FreeBSD 14 jail:

* install telnetd:
 pkg install freebsd-telnetd

* allow telnet in inetd.conf:
 ed /etc/inetd.conf
 search for telnetd
 remove the #-char at the begin of the line

* in /etc/rc.conf, add the lines:
 telnetd_enable="YES"
 inetd_enable="YES"

And start inetd.

Now you can play with firewall rules to make it a bit more secure,
but remember that telnet died because it sends all your passwords
and other secrets in plain text over the line ...

Testing
-------
A great way to test is to fire up Qemu with that old Linux
or BSD system, and give it a go!

Happy telnetting!

Update:
-------

2025-06-24 Change of telnetd line
................................
First I had set 'telnetd -a user' in inetd.conf, but this
made it not possible to log in from Mac OS X 10.3.9.
Now I have removed this, and just kept the origina 'telnetd'
at the end of the line.

[1]: https://82mhz.net/posts/2025/06/using-a-raspberry-pi-as-a-jumphost-to-ssh-from-an-old-computer-into-a-modern-one/


Last edited: $Date: 2025/06/24 19:20:49 $

You are viewing proxied material from box.matto.nl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.