The idea of this article series is for me to play the part of a ‘Speaker for the Dead’ for technology that has or is becoming ‘end of life’ or legacy and/or irrelevant (or which should be). In this article, I’ll cover Telnet; the good, the bad, the ugly, the full (but brief) and honest story, I hope. If I’m wrong, let me know.
For the story on how this series came about see the first article: Speaker for the Dead – Spanning Tree Protocol.
A Brief History
Telnet is truly ancient, the fact the requirement for it is described in RFC1 (written by Steve Crocker) and specifically mentioned in RFC15 tells you just how old it is; I was amazing to discover it’s actually 44 years old and was initially created in 1969 to provide remote terminal functionality on ARPAnet. RFC15, written by C. Stephen Carr, refers to DEC PDP-10‘s and pre-dates TCP/IP – this is truly the king of the dinosaurs.If you thought I was premature regarding STP, maybe I was but surely you won’t disagree where telnet is concerned?
It’s interesting how the influence of DEC seems to be a common factor in these articles so far, the subject of the first: STP was created by a DEC employee. Additionally, before DEC Radia Perlman worked for Bolt, Baranek and Newman (BBN) who were also involved in the early creation of ARPAnet. Also interesting is that until RFC885 telnet was typically written as TELNET.
Telnet, which sends data, including passwords, in clear text was standardised by the IETF in STD 8, comprising of RFC 854: Telnet Protocol Specification and RFC 855: Telnet Option Specifications. There are at least 30 more RFCs relating to the protocol.
It’s hard to attribute the invention of telnet to any one person; it seems to have developed and evolved over some time as part of many joint efforts around ARPAnet and early computer network systems. This article provides some of the names and further information: http://www.cs.utexas.edu/users/chris/think/ARPANET/Telnet/Telnet.shtml.
It’s more secure (if properly configured) but is SSH an improvement in any other way? I’m not sure but (security aside) frankly I’m more concerned about a useable CLI, not how I access it. At least, I am now SSH is omnipresent.
Of course, there’s plenty to complain about; it’s taken some vendors a shocking amount of time to ship products with SSH capabilities and even now telnet is still on by default and SSH settings are limited in a fair number of cases. Little has shown vendors’ contempt for their customers more clearly than refusing to provide or charging an extortionate cost for secure management of their products. Particularly when the same vendors also provide security products and SSH has been around for almost 20 years.
Does anyone care? I’d say so; PCI-DSS and other regulations and legislation have signed telnet’s death warrant as it’s clearly insecure but getting rid of it has been a long, painful slog for many. The purge is still in progress no doubt and of course telnet (like FTP) is still used in plenty of places but hopefully not for too much longer; those legacy systems have to die sometime.
As mentioned in the comments, telnet is still a valid testing tool used by many, especially on Windows systems. It might be old but it’s still useful and this unintended use goes some way to explaining it’s long life. This is something should die out in due course; there are better tools available now.
Telnet has been around and survived for an amazing length of time, it’s relatively simple function has been fundamental to the growth of networking and even computing itself. Who hasn’t used it, relied upon it and perhaps cursed it too, when using it over a high latency link? It’s almost invisible, like the network when it works, but I for one celebrate it.
Things are moving on quickly in this industry and many have predicted the death of the CLI itself; certainly there are many possibly more attractive alternatives, especially in the SDN arena. We’ll see. I guess eventually even I’ll become ‘legacy’ but I’m not ready to face that just yet.
Other articles in this series;
- Speaker for the Dead – Spanning Tree Protocol
- Speaker for the Dead – Privacy and Trust
- Russ White has done something similar regarding the OSI model