• Telnet clients that support TLS/SSL?

    From Oli@21:3/102 to All on Friday, October 07, 2022 12:53:46
    Hullo!

    I'm experimenting with Telnet over TLS/SSL (direct TLS, not STARTTLS). Unfortunately the only open source client I found is the Debian Netkit telnet-ssl. Do you know any other Telnet client that supports TLS connections?

    I did have success with putty/puttytel and plink (from putty-tools) with the proxy command option and openssl s_client, like

    $ plink -telnet -proxycmd "openssl s_client -quiet %host:992" example.com

    On the server side, I'm using stunnel (or nginx) as TLS reverse proxy. Fun part is that you can use the same port to proxy to different telnet servers depending on the domain/servername (SNI).

    What drove me nuts was the display of the replacement character � (rhombus with ?) whenever I typed/sent Ctrl-C or Ctrl-Z. I figured out that it is the character with the byte value 242; or in Telnet-speak the control character DM (data mark). Turned out some older protocols and software are using the TCP "urgent" mechanism / flag / indication, which I never heard of before. (see https://packetlife.net/blog/2011/mar/2/tcp-flags-psh-and-urg/#the-urg-flag)

    The Inetutils telnet server that I am using can only run as an inetd service (stdin/stdout). So even though it does not run as a standalone daemon and does not handle TCP sockets itself, it still has some code in the source that handles TCP urgent indication. It took me hours to figure out the cause of the unwanted character, but I still don't understand exactly why it only happens when I use a proxy command and/or the TLS proxy with the telnet-ssl. The fix was to comment out the line "set_neturg ();" in telnetd.c and recompile.


    Why telnet over TLS (and not ssh)?

    a) Because.
    Why not?!

    b) Telnet is a much simpler protocol than SSH, but good enough that it's not different after login for simple remote terminal usage.

    c) There is still some BBS software that supports telnet, but not ssh. I guess it's possible to use some SSH-to-Telnet proxy, but tunneling through TLS is much simpler. You can also do telnet client -> stunnel (client) -> stunnel (server) -> telnet server.

    d) It's retro and it works. It doesn't deserve to be abandoned.

    ---
    * Origin: War is Peace. Freedom is Slavery. Ignorance is Strength. (21:3/102)
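
A client-side view of the two things discussed in the post above, as an added example that is not part of the original message or of any client named in the thread: a direct-TLS connection on port 992 that verifies the certificate and sends SNI, and a filter that keeps in-band Telnet commands such as IAC DM (255 242) away from the terminal. The names `filter_telnet` and `open_telnets` and the host `bbs.example.org` are assumptions made for illustration.

```python
import socket
import ssl

IAC, DONT, DO, WONT, WILL, SB, DM, SE = 255, 254, 253, 252, 251, 250, 242, 240

def filter_telnet(data: bytes) -> tuple[bytes, bytes]:
    """Return (bytes to display, bytes to send back) for one received chunk.

    Every option is refused, and two-byte commands such as IAC DM (255 242)
    are dropped so they never reach the terminal. Simplification: a command
    split across two chunks is discarded instead of being buffered.
    """
    out, reply = bytearray(), bytearray()
    i, n = 0, len(data)
    while i < n:
        if data[i] != IAC:
            out.append(data[i])
            i += 1
            continue
        if i + 1 >= n:
            break
        cmd = data[i + 1]
        if cmd == IAC:                          # escaped literal 0xFF
            out.append(IAC)
            i += 2
        elif cmd in (DO, DONT, WILL, WONT):
            if i + 2 >= n:
                break
            if cmd == DO:
                reply += bytes([IAC, WONT, data[i + 2]])
            elif cmd == WILL:
                reply += bytes([IAC, DONT, data[i + 2]])
            i += 3
        elif cmd == SB:                         # skip to IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = n if end < 0 else end + 2
        else:                                   # DM, NOP, GA, ...
            i += 2
    return bytes(out), bytes(reply)

def open_telnets(host: str, port: int = 992) -> ssl.SSLSocket:
    """Direct TLS: handshake first, certificate and hostname verified, SNI sent."""
    ctx = ssl.create_default_context()
    raw = socket.create_connection((host, port), timeout=10)
    return ctx.wrap_socket(raw, server_hostname=host)

if __name__ == "__main__":
    with open_telnets("bbs.example.org") as tls:   # placeholder host
        text, reply = filter_telnet(tls.recv(4096))
        tls.sendall(reply)
        print(text.decode("cp437", errors="replace"))
```
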
  • From acn@21:3/127.1 to Oli on Sunday, October 09, 2022 13:02:00
    On 07.10.22, Oli@21:3/102 wrote in FSX_BBS:

    Hello Oli,

    I'm experimenting with Telnet over TLS/SSL (direct TLS, not STARTTLS). Unfortunately the only open source client I found is the Debian Netkit telnet-ssl. Do you know any other Telnet client that supports TLS connections?

    If I see this correctly, then SyncTerm (I'm using version 1.2b)
    supports "TelnetS".

    Regards,
    Anna

    --- OpenXP 5.0.56
    * Origin: Imzadi Box Point (21:3/127.1)
  • From Oli@21:3/102 to acn on Sunday, October 09, 2022 15:03:46
    Hello Anna!

    acn wrote (2022-10-09):

    I'm experimenting with Telnet over TLS/SSL (direct TLS, not STARTTLS).
    Unfortunately the only open source client I found is the Debian Netkit
    telnet-ssl. Do you know any other Telnet client that supports TLS
    connections?

    If I see this correctly, then SyncTerm (I'm using version 1.2b)
    supports "TelnetS".


    Thanks, I didn't know. I've downloaded the source tarball (20220409) and compiled it on a Raspi 2. Unfortunately it doesn't work: "Error activating session". There is no log file, not even if it is set to "All (debug)".



    ---
    * Origin: War is Peace. Freedom is Slavery. Ignorance is Strength. (21:3/102)
  • From acn@21:3/127.1 to Oli on Tuesday, October 11, 2022 13:39:00
    On 09.10.22, Oli@21:3/102 wrote in FSX_BBS:

    Hello Oli,

    If I see this correctly, then SyncTerm (I'm using version 1.2b)
    supports "TelnetS".

    Thanks, I didn't know. I've downloaded the source tarball
    (20220409) and compiled it on a Raspi 2. Unfortunately it doesn't
    work: "Error activating session". There is no log file, not even if
    it is set to "All (debug)".

    I haven't tried it myself, so I don't think that I can help you here.
    Or do you have an address that I could try connecting to?

    Regards,
    Anna

    --- OpenXP 5.0.56
    * Origin: Imzadi Box Point (21:3/127.1)
  • From Oli@21:3/102 to acn on Tuesday, October 11, 2022 15:58:30
    acn wrote (2022-10-11):

    Thanks, I didn't know. I've downloaded the source tarball
    (20220409) and compiled it on a Raspi 2. Unfortunately it doesn't
    work: "Error activating session". There is no log file, not even if
    it is set to "All (debug)".

    I haven't tried it myself, so I don't think that I can help you here.
    Or do you have an address that I could try connecting to?

    Not my BBS, but I found these

    kuehlbox.wtf:992
    kuehlbox.wtf:1338

    It does work with telnet-ssl and plink+openssl, but not with syncterm.




    ---
    * Origin: War is Peace. Freedom is Slavery. Ignorance is Strength. (21:3/102)
  • From Charles Blackburn@21:1/221 to acn on Tuesday, October 11, 2022 16:30:47
    Re: Re: Telnet clients that support TLS/SSL?
    By: acn to Oli on Tue Oct 11 2022 13:39:00



    Hello Oli,

    If I see this correctly, then SyncTerm (I'm using version 1.2b)
    supports "TelnetS".

    not sure if you tried it, but ZOC does telnet/SSL apparently. got no way of trying it unless you can give me a link somewhere i can

    regards
    ===

    Charles Blackburn
    The F.B.O BBS 21:1/221 618:250/36
    bbs.thefbo.us IPV4/V6
    DOVE-Net FSX-Net MicroNET USENET




    ... Chuck Norris' hand is the only hand that can beat a Royal Flush.
    --- SBBSecho 3.15-Linux
    * Origin: The FBO BBS - bbs.thefbo.us (21:1/221)