Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

unRAID 6.0 request Telnet vs SSH

Featured Replies

Don't just say no. Give a valid reason why.

I already did, earlier:  Telnet works out-of-the-box.  No configuration needed.

 

I am not against ssh.  I am against disabling telnet by default.  We could simply add the option to disable telnet from the WebGUI.

 

 

  • Replies 58
  • Views 15.3k
  • Created
  • Last Reply

From my point of view:

Please add SSH to the standard unRaid, let both Telnet and SSH be enabled when unRaid is shipped and just add two tickboxes to the webgui, so everyone can choose what to use.

 

From my point of view Telnet is deprecated. Yeah it works out of the box on Windows systems. But everybody who is building an unRaid Server should be able to install an SSH Client on a Windows machine.

From my point of view:

Please add SSH to the standard unRaid, let both Telnet and SSH be enabled when unRaid is shipped and just add two tickboxes to the webgui, so everyone can choose what to use.

 

From my point of view Telnet is deprecated. Yeah it works out of the box on Windows systems. But everybody who is building an unRaid Server should be able to install an SSH Client on a Windows machine.

Ha, you overestimate some peoples abilities me thinks.

 

I am in agreement with Finka.  Add it by default if you feel necessary, but DO NOT disable telnet by default.

 

Telnet may be "deprecated" for some but frankly I don't feel like dealing with SSH if I don't have to, especially on my local network were I could give to s***s about security.  If someone gets into my network I have more things to worry about then them managing to get to my media server.

From my point of view:

Please add SSH to the standard unRaid, let both Telnet and SSH be enabled when unRaid is shipped and just add two tickboxes to the webgui, so everyone can choose what to use.

 

From my point of view Telnet is deprecated. Yeah it works out of the box on Windows systems. But everybody who is building an unRaid Server should be able to install an SSH Client on a Windows machine.

Ha, you overestimate some peoples abilities me thinks.

 

I am in agreement with Finka.  Add it by default if you feel necessary, but DO NOT disable telnet by default.

 

Telnet may be "deprecated" for some but frankly I don't feel like dealing with SSH if I don't have to, especially on my local network were I could give to s***s about security.  If someone gets into my network I have more things to worry about then them managing to get to my media server.

 

dont people use security on their shares anyways? personally i have everything read only. only one user can actually write. 

then about logging into the actual box.. root should have a password.. plus you can always just block port 23 on your router if you wanna stop someone from telnetting externally to your box.

From my point of view:

Please add SSH to the standard unRaid, let both Telnet and SSH be enabled when unRaid is shipped and just add two tickboxes to the webgui, so everyone can choose what to use.

 

From my point of view Telnet is deprecated. Yeah it works out of the box on Windows systems. But everybody who is building an unRaid Server should be able to install an SSH Client on a Windows machine.

Ha, you overestimate some peoples abilities me thinks.

 

I am in agreement with Finka.  Add it by default if you feel necessary, but DO NOT disable telnet by default.

 

Telnet may be "deprecated" for some but frankly I don't feel like dealing with SSH if I don't have to, especially on my local network were I could give to s***s about security.  If someone gets into my network I have more things to worry about then them managing to get to my media server.

 

 

In addition, most network enabled' devices have a telnet interface. Therefore,  keep it allowing those who are security minded the ability to disable it.

Those desperate to disable telnet can add just two lines to their "go" script:

sed -i "s/^telnet/#telnet/g" /etc/inetd.conf
killall -HUP inetd

Done.  Problem solved.  Don't ruin it for the rest of us.

 

 

Telnet does in fact not work out of the box with Windows.

 

"Telnet Client is not installed by default on Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008." Add Windows 8, Windows 8.1, and Windows Server 2012 to the list as well.

 

http://technet.microsoft.com/en-us/library/cc771275(v=ws.10).aspx

Telnet does in fact not work out of the box with Windows.

 

"Telnet Client is not installed by default on Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008." Add Windows 8, Windows 8.1, and Windows Server 2012 to the list as well.

 

http://technet.microsoft.com/en-us/library/cc771275(v=ws.10).aspx

^^^ Correct.  Nearly every software and hardware vendor have been phasing out telnet for nearly a decade now.  Very few exist anymore, unraid ironically being one of them.

Ha, you overestimate some peoples abilities me thinks.

 

I am in agreement with Finka.  Add it by default if you feel necessary, but DO NOT disable telnet by default.

 

Telnet may be "deprecated" for some but frankly I don't feel like dealing with SSH if I don't have to, especially on my local network were I could give to s***s about security.  If someone gets into my network I have more things to worry about then them managing to get to my media server.

Me thinks you overcomplicate SSH ;)  There is practically nothing to do other than 60 seconds to grab a free open source SSH client (included on almost every major OS already with the exception of Microsoft).  It takes about the same time, if not more, to install the microsoft one.

In addition, most network enabled' devices have a telnet interface. Therefore,  keep it allowing those who are security minded the ability to disable it.

Sorry, this is wrong, just plain fact.  Almost every software and hardware vendor is turning it off for the fact they do NOT want to be responsible for the security implications.

 

Do you guys still use leaded gasoline becuase "it just works"?  :D  Sorry, but there is just no logical excuse to keep telnet around anymore.

Telnet does in fact not work out of the box with Windows.

 

"Telnet Client is not installed by default on Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008." Add Windows 8, Windows 8.1, and Windows Server 2012 to the list as well.

I really don't care about the windoses you listed.  Telnet client is present in any respectable OS.

 

 

Telnet does in fact not work out of the box with Windows.

 

"Telnet Client is not installed by default on Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008." Add Windows 8, Windows 8.1, and Windows Server 2012 to the list as well.

I really don't care about the windoses you listed.  Telnet client is present in any respectable OS.

Which ironically completely invalidates your point because so is SSH. Sosorry ;)

Telnet does in fact not work out of the box with Windows.

 

"Telnet Client is not installed by default on Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008." Add Windows 8, Windows 8.1, and Windows Server 2012 to the list as well.

I really don't care about the windoses you listed.  Telnet client is present in any respectable OS.

Which ironically completely invalidates your point because so is SSH. Sosorry ;)

So is ping.  So what?  You broke your logic.

 

 

Telnet does in fact not work out of the box with Windows.

 

"Telnet Client is not installed by default on Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008." Add Windows 8, Windows 8.1, and Windows Server 2012 to the list as well.

I really don't care about the windoses you listed.  Telnet client is present in any respectable OS.

Which ironically completely invalidates your point because so is SSH. Sosorry ;)

So is ping.  So what?  You broke your logic.

Other than the fact ping has nothing to do with the topic...... thanks? I think?

If your argument is:

 

I already did, earlier:  Telnet works out-of-the-box.  No configuration needed.

 

Then is the same not true for SSH? SSH works out of the box and no configuration is needed. Server keys are generated when you install the OS. If you don't care about Windows, that leaves OSX and Linux; both of which ship with SSH installed and configured by default. Thus you would need to do almost nothing to switch. The only configuration you might do is if you want to use Public key authentication or Host-based authentication. In fact you might even save yourself time as "ssh" is two letters shorter than "telnet." ;) SSH is pretty cool stuff.

 

unRAID is the only UNIX/Linux/storage/network software I use that has telnetd enabled. Yes, telnetd is easily disabled but that is not the point. We are asking for sshd to be installed by default so we don't have to install it via plugin and is supported by LimeTech.

Telnet does in fact not work out of the box with Windows.

 

"Telnet Client is not installed by default on Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008." Add Windows 8, Windows 8.1, and Windows Server 2012 to the list as well.

I really don't care about the windoses you listed.  Telnet client is present in any respectable OS.

Which ironically completely invalidates your point because so is SSH. Sosorry ;)

So is ping.  So what?  You broke your logic.

Other than the fact ping has nothing to do with the topic...... thanks? I think?

Neither does it contradict my statement above.  Please check your logic circuits. :)

 

---

 

I don't need lectures about how "SSH is pretty cool stuff".  I know that.  I use ssh where I need to.  I am all for having ssh preinstaled in unRAID.  But that is not an argument for disabling telnet by default.

 

Those who want to disable telnet should have the option to do so.  That should not be forced on the rest though.

 

EDIT:  To sum it up:

You can have your ssh, just don't touch my telnet.

 

Thing is, you can't really force security on people -- at best you can force a false sense of security.

 

 

Telnet does in fact not work out of the box with Windows.

 

"Telnet Client is not installed by default on Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008." Add Windows 8, Windows 8.1, and Windows Server 2012 to the list as well.

I really don't care about the windoses you listed.  Telnet client is present in any respectable OS.

 

Trollbait much?

 

The fact of the matter is that SSH and Telnet could be included in unRAID, with a simple checkbox to disable them.  This would (imo) satisfy all of us.  Everyone can choose which protocol they prefer, and if it's neither and they want to only have physical login (or IPMI) they have that option as well

.

 

SSH and Telnet could both be included in unRAID, with a simple checkbox to disable them.

Yes!  Exactly!  Thank you!

 

 

I think we're going down the wrong road here to prove the merits of ssh.

If the main argument for SSH is security on your own network, there's a bigger issue here.

 

From what I've seen, basic unRAID is designed to be managed from emhttp.

 

If we're going to provide pros/cons and debate arguments for ssh, we need to provide the positive merits for SSH outside of the obvious.

 

I presented a few reasons on why I use ssh.

 

End to end security.

Embedded secure file transfer.

Remote executable commands.

rsync over ssh.

Port forwarding.

 

Telnet could stay present/available until disabled by the end user.

Most environments have a telnet client.

 

While I prefer ssh, there are a number of times where I still have to use telnet to assist in repairing a machine. Especially if the client machine does not have access to the internet to download a ssh client.

The option to disable telnet should be enough to appease those that want it gone. Who cares what the default is. Agree that adding SSH is a good idea, enabled by default or otherwise.

  • 3 weeks later...

I was going to say dropping telnet in favour of ssh gives the impression that usRAID is designed to be secure (as in internet facing) and that would be a bad thing. I still think it is a bad thing but maybe not enough of a reason.

 

So I change my vote and say drop telnet, include links to open ssh clients in the web gui (for all platforms) and configure SSH to only allow connections from IANA private ranges by default i.e. dont allow it to be internet facing without making people jumps though some sense loops.

 

And at the same time change to only SSL emHTTP (or most of the security arguments made here are pointless).

 

This is all easy to do but it is a bit of a n00b support headache

  • 1 month later...

Question out of some ignorance... Where would the SSH keys reside? If baked in unRAID then we would all have shared keys. If they're created by unRAID won't they need to be stored on the USB stick to be persistent and trusted? If not they will have to  be generated at each boot in the RAMdisk and we will get a popup at each boot yes?

 

How do folks propose this work? I have the ssh plugin installed on my system but honestly just use telnet out of habit - ssh to my system is blocked at my firewall. If I'm using the VPN I'm already encrypted..

 

 

Sent from my iPad using Tapatalk

Added openssh.  The initial set of host keys will be generated upon first boot and stored on the flash in config/ssh directory.

 

Added openssh.  The initial set of host keys will be generated upon first boot and stored on the flash in config/ssh directory.

 

Thank you, I missed that and it clears this up well - makes sense to me!

 

 

Sent from my iPad using Tapatalk

I have always just used telnet, logged in as root, no password.

 

I am running 64bit unRAID 6.0b2 now and want to try out SSH now that it's included.

 

I think I get the key part OK and I tell putty to accept, but then I get the login prompt. I have tried root, no password and also one of my other unRAID users, no password but couldn't get in.

 

Do I need to set a root password to use this method?

 

 

I have always just used telnet, logged in as root, no password.

 

I am running 64bit unRAID 6.0b2 now and want to try out SSH now that it's included.

 

I think I get the key part OK and I tell putty to accept, but then I get the login prompt. I have tried root, no password and also one of my other unRAID users, no password but couldn't get in.

 

Do I need to set a root password to use this method?

 

 

Usually with ssh & root, it requires a password.

it's safer anyway.

 

 

You can set up a key exchange a client to the server which would allow password less entry.

The issue then becomes rsyncing the authorized_host file from /boot/config into it's appropriate place upon boot up.

Usually with ssh & root, it requires a password.

it's safer anyway.

 

 

You can set up a key exchange a client to the server which would allow password less entry.

The issue then becomes rsyncing the authorized_host file from /boot/config into it's appropriate place upon boot up.

I was considering reworking my OpenSSH plugin for unRAID 6, which would give a bit more flexibility to the current SSH configuration incl. maintaining users and their authorized keys across reboots.

 

Also though, I wonder if Tom would consider enhancing his rc.ssh script such that it extends what configuration is copied over from flash upon start to include user/root home directories.  Then it'd just be a case of having /root and or /home/<user> stored under /boot/config/ssh which gets copied over during startup.

 

Just a thought.

 

 

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.