TransWikia.com

Telnet connection to Debian machine refused

Unix & Linux Asked by Hakkı on January 20, 2021

I’m trying to connect Debian 8 machine via telnet but I get login error shown in below

# telnet 192.168.88.48 
Trying 192.168.88.48... 
Connected to 192.168.88.48.
Escape character is '^]'. 
Debian GNU/Linux 8 login: Cannot possibly work without effective root
Connection closed by foreign host. 

When I check the telnet server, it’s working on the machine.

# netstat -tulpn | grep :23 
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 1817/inetd

What problem can be?

One Answer

The in.telnetd binary in package telnetd is running by default as an unprivileged process with user telnetd, probably for security reasons and privileges separation:

# grep telnet /etc/inetd.conf 
telnet      stream  tcp nowait  telnetd /usr/sbin/tcpd  /usr/sbin/in.telnetd

It then uses an helper process for handling the actual login. This helper process is setuid root. On a Debian 8 system that would give (except the date and size of the file, the same as on Debian 10):

# dpkg -S /usr/lib/telnetlogin
telnetd: /usr/lib/telnetlogin
# ls -l /usr/lib/telnetlogin
-rwsr-xr-x. 1 root telnetd 8112 Jul 22  2008 /usr/lib/telnetlogin

If you remove the setuid bit to this helper, you get exactly OP's error message.

This setuid bit is normally set during the package's post-installation in /var/lib/dpkg/info/telnetd.postinst:

if [ -z "$(dpkg-statoverride --list /usr/lib/telnetlogin)" ]; then
  chown root:telnetd /usr/lib/telnetlogin
  chmod 4754 /usr/lib/telnetlogin
fi

For example the set-uid bit could have been manually removed, overriden in dpkg-statoverride's database or the package not been completely installed. Or OP's in.telnetd is running in a restricted environment. Some examples could be a filesystem mounted with nosuid, perhaps including containers, or unadequate settings with AppArmor or SELinux.

Of course using telnetd itself should never be done. There used to be an SSL version available for telnet client and server, but considering it's not available in Debian stable (but only sid) it might have issues on its own.

Correct answer by A.B on January 20, 2021

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP