OpenWrt Forum Archive

Topic: shutting down telnet - a very stupid idea

The content of this topic has been archived on 12 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Seems that as soon as you set a password in the web interface, the telnet account is disabled. I think that is a very stupid idea!

My box is behind a NAT router, NO NEED for any security, but I need telnet! I know telnet, it works fine on the Windows box. Like TFTP, it is built in and works fine on the Win2k box, but the Linux geeks don't realize it's VERY EZ to TFTP-flash a WRT54G with Windows and NO additional programs.

Linux will NEVER gain much popularity as long as the geeks show an arrogant attitude by keeping the entry-level difficulties as high as possible. Making the Windows-to-Linux transition problematic does scare off the normal user, don't you realize that?

Now I'm stuck again with the WRT54G. It's flashed with OpenWrt, the web interface doesn't work right, and telnet doesn't work any more. SHIT!

I will have to reflash it again ...

When you set a password you may lose telnet, but you gain SSH - a whole new universe of amazingness that blows telnet away. I suggest you get a copy of Putty, and SSH your box instead of telnetting it.

suggest you get a copy of Putty, and SSH your box instead of telnetting it

That is exactly what I mean by "scaring off people".

paco_2345 wrote:

That is exactly what I mean by "scaring off people".

Yes, but change is good, isn't it? We don't want to be stuck with telnet forever, do we? It's up to you, just thought I'd provide some reasoning for what appears to be absurd.

(Last edited by Growly on 20 Dec 2005, 10:01)

but change is good, isn't it?

Maybe as long as you are young. But at the age of 46 you do not grasp things that easily any more, and you prefer the old telnet.

I have reflashed now, and will try to install the kismet thing with telnet, without setting any password anywhere.

paco_2345 wrote:

My box is behind a NAT router, NO NEED for any security, but I need telnet! I know telnet, it works fine on the Windows box. Like TFTP, it is built in and works fine on the Win2k box, but the Linux geeks don't realize it's VERY EZ to TFTP-flash a WRT54G with Windows and NO additional programs.

Although I'm 60 and managed to learn and love putty in < 10 minutes :), I have to say I agree with you. My reason is simple - my clients are tunneled, VLANed, NATed, and firewalled and simply not accessible via telnet from anything but the LAN ports. I leave them with no PW set because if I need to make a housecall I don't want to have to carry along a disk with Putty! But with RC4 this leaves me no option to turn on the webif as this disables telnet. Well, actually I can put telnet back in, but that's an extra config step from an otherwise very simple setup.

Actually, it's probably trivial to re-activate telnet - I'll research a bit.

- DL

(Last edited by dl on 20 Dec 2005, 11:23)

Perhaps it would be better if telnet were disabled entirely by default. It would save the confusion ("why did telnet stop working as soon as I set a password"?)

Putty is a zero-install client; you just download it to your desktop and double-click on it. That's it. The only really good reason for not using it is if you live in a country where ssh is forbidden by law.

Yes, we are all arrogant bastards. We're all rich too. I would just install Windows on the WRT if I were you.

I'm sorry if that post came across as arrogant - it wasn't intended to.

The point I was trying to make is: some people have a misconception that ssh is hard. They see the word "cryptography" and panic.

The reality is that having an ssh client under Windows is really, really, really easy. Honestly. Download putty; double click on it; the end. It couldn't possibly be any easier. On the other hand, using telnet for device administration puts you at a real risk - especially if your packets are going over a wireless interface.

Of course, a project like OpenWRT has to address the needs of its userbase. There may be users for whom having telnet access is more convenient, and having it meets their needs better, as expressed by some people above. We can try to educate them that actually ssh will almost certainly meet their needs just as well, but if that's really not the case for those people then there's no problem; OpenWRT provides telnet after all.

Now, if there are users who say "I want to use telnet, but I also want to password-protect my telnet session, even though I'm perfectly aware that my password is sniffable and therefore it's almost pointless using passwords with telnet", then I think OpenWRT can meet their needs too; I expect they just need to tweak the busybox configuration and away they go.

So, given that OpenWRT can do all this, the only argument really is about what the default configuration is. Personally I would prefer the default configuration to be "secure". There has been a big shift in this direction in the rest of the Linux world; a few years ago all distributions shipped with dozens of daemons turned on by default. This represented a large number of possible vulnerabilities. The shift has now been towards having only the minimum enabled, and the user having to enable all services explicitly. For those diehards who say "ugh, I can't administer my newly-installed Linux box because telnet is disabled", they just have to enable telnet themselves (and accept the consequences); this is a lot better than the rest of us having to remember to disable telnet on every machine we install, because (a) it's more work for the majority, and (b) it's a step which can easily be forgotten.

In summary: IMO the majority will want to use ssh and will not want insecure services like telnet enabled. It seems reasonable to me that the default configuration should aim to minimise the amount of changes required by the majority of users.

As for running Windows on your wireless router: perhaps someone at Microsoft with a few spare hours on their hands could take the PocketPC source code and port it? :)

You can keep telnet enabled even after you set a password with a simple setting in your sysconf file. OpenWrt is fully customizable, so how can you complain? I just started and am dealing with Linux for the first time, and I don't see how what you are suggesting makes it easier for you. It's self-centered for you to ask for the default setup to be plug n' play and cater to your needs, especially when no one is saying that you can't custom build your own.

Void Main wrote:

Yes, we are all arrogant bastards. We're all rich too. I would just install Windows on the WRT if I were you.

I have to agree.  OpenWRT is not meant to be GUI driven, Windows user, do everything for the end user tool.  It is meant to be a light weight modular OS for the WRT hardware platform.  If everything were built to be an easy GUI for everyone we'd be right back where Linksys is with their interface.  We wouldn't want to put features there that scare users and intimidate them!

I'm still at odds if I think the web interface is a good or bad idea for OpenWRT.  It starts to make the entry level low enough many who shouldn't be messing with it will.  Besides it takes up more valuable space.  However, it does make my life easier on the initial setup of a router.  Beyond that, I just assume delete it.

www.OpenWRT.org wrote:

Instead of trying to cram every possible feature into one firmware, OpenWrt provides only a minimal firmware with support for add-on packages. For users this means the ability to custom tune features, removing unwanted packages to make room for other packages and for developers this means being able to focus on packages without having to test and release an entire firmware.

I agree. I don't want the web interface installed by default because on a squashfs install it can't be removed. I came to OpenWRT because it was a very minimal install and I could ipkg install the pieces I wanted. I know I can build my own firmware without it but I really shouldn't have to if it stuck to the minimal build you quote. The web interface is nice for those who need it though and it only has to be an "ipkg install webif" away. Ah well, if that's the only thing I can find to gripe about we're not doing too bad.

What a silly thing to complain about.

I wonder if we could gain some kilobytes by removing telnetd from busybox :)

paco_2345 wrote:

suggest you get a copy of Putty, and SSH your box instead of telnetting it

That is exactly what I mean by "scaring off people".

There is no difference in using telnet or putty. A "normal" user will not know anything about it. If I say to my sister she should log in to the router to do a reboot, it is totally equal to tell her she should telnet ip or ssh ip. Yes, most of the time she is using Ubuntu GNU/Linux on her desktop, and ssh is installed by default.

Holy shitty Microsoft-centric community. Why do you not learn that there are other things? I do not work on OpenWrt to get all Windows-Lusers migrated to Linux. I do not care. Go away and use something else, if you do not like it.

Or take the code and make your own telnet based pacowrt.

Merry christmas
wbx

Void Main wrote:

I agree. I don't want the web interface installed by default because on a squashfs install it can't be removed. I came to OpenWRT because it was a very minimal install and I could ipkg install the pieces I wanted. I know I can build my own firmware without it but I really shouldn't have to if it stuck to the minimal build you quote. The web interface is nice for those who need it though and it only has to be an "ipkg install webif" away. Ah well, if that's the only thing I can find to gripe about we're not doing too bad.

You never can do it right for everyone. People always complain to us that we have no webtool for configuration and that the console is too complicated. Now we have a webtool integrated, so that new users have a faster learning curve, and now the others are complaining.

Between rc3 and rc4 the images did not get bigger. So we still have a very small firmware with a lot of possibilities to finetune. People who do not like the web interface can simply build new squashfs images with the ImageBuilder.

Maybe I will program a simple web interface, so that you do not even need any tools other than a web browser to use our ImageBuilder.

merry christmas
wbx

Why didn't we make ssh the default?
1. We'd have to have a default ssh password; some people would never change it
2. Failsafe mode runs entirely off squashfs; ssh keys are generated at first boot and stored on jffs2 .. we don't want everyone using the same ssh keys, even in failsafe

As for the web interface, you don't need to recompile to get an image without the web interface; rc4 now comes in several variations, each with a different set of packages installed by default. If you use the micro set you'll get a minimum amount of packages installed by default.
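
The behaviour discussed in this thread (telnet only while no root password is set, ssh once one is set), as an added shell sketch that is not part of the post above and is not OpenWrt's own init script. The function names, the constructed passwd lines, and treating an empty or `!` password field as "not set" are assumptions.

```shell
#!/bin/sh
# Added illustration, not OpenWrt's init script.
# Assumption: "no password" means root's passwd field is empty or "!".

# Exit 0 when root has a password set in the passwd-format file $1.
root_password_set() {
    awk -F: '$1 == "root" { found = 1; if ($2 == "" || $2 == "!") unset_pw = 1 }
             END { exit !(found && !unset_pw) }' "$1"
}

# Print the login service the thread's policy expects for passwd file $1.
expected_service() {
    if root_password_set "$1"; then echo ssh; else echo telnet; fi
}

# Compare the expected service with the one observed listening ($2).
audit_login() {
    want=$(expected_service "$1")
    case "$want:$2" in
        ssh:ssh)       echo "ok: password set, ssh only" ;;
        telnet:telnet) echo "warn: no root password set, telnet is open" ;;
        ssh:telnet)    echo "fail: password set but telnet listening (password sniffable)" ;;
        *)             echo "fail: expected $want, found $2" ;;
    esac
}

# Constructed sample passwd files (the hash is a placeholder, not a real one).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf 'root:!:0:0:root:/tmp:/bin/ash\n' > "$SAMPLE_DIR/fresh"
printf 'root:$1$CONSTRUCTED$placeholderhash:0:0:root:/tmp:/bin/ash\n' > "$SAMPLE_DIR/secured"

audit_login "$SAMPLE_DIR/fresh" telnet     # freshly flashed box
audit_login "$SAMPLE_DIR/secured" ssh      # password set, telnet gone
audit_login "$SAMPLE_DIR/secured" telnet   # telnet re-enabled after setting a password
```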

wbx wrote:
Void Main wrote:

I agree. I don't want the web interface installed by default because on a squashfs install it can't be removed. I came to OpenWRT because it was a very minimal install and I could ipkg install the pieces I wanted. I know I can build my own firmware without it but I really shouldn't have to if it stuck to the minimal build you quote. The web interface is nice for those who need it though and it only has to be an "ipkg install webif" away. Ah well, if that's the only thing I can find to gripe about we're not doing too bad.

You never can do it right for everyone. People always complain to us that we have no webtool for configuration and that the console is too complicated. Now we have a webtool integrated, so that new users have a faster learning curve, and now the others are complaining.

Between rc3 and rc4 the images did not get bigger. So we still have a very small firmware with a lot of possibilities to finetune. People who do not like the web interface can simply build new squashfs images with the ImageBuilder.

Maybe I will program a simple web interface, so that you do not even need any tools other than a web browser to use our ImageBuilder.

merry christmas
wbx

Don't get me wrong, for those people who need it I think the web interface is a good thing. I still don't believe it should be installed by default though. The reason for that is because with squashfs you can install new packages but not remove old packages. I know I can build my own without the web interface, but on the other hand it isn't *that* difficult to do an "ipkg install webif" after installing. Webif isn't the only thing I would have left out of the base build. Like I said before though, there would be no complaints (and none of these are big complaints, mind you) if there were an extremely minimal version (kernel+basic necessities+ipkg) alongside the n00b friendly version.

Merry Christmas to you too. Since I probably won't be able to come back here till next year have a Happy New Year as well!

mbm wrote:

As for the web interface, you don't need to recompile to get an image without the web interface; rc4 now comes in several variations, each with a different set of packages installed by default. If you use the micro set you'll get a minimum amount of packages installed by default.

Scratch my last comment. Apparently I have not been paying attention. :) Thanks mbm!

paco_2345 wrote:

suggest you get a copy of Putty, and SSH your box instead of telnetting it

That is exactly what I mean by "scaring off people".

I think that if ssh is "scaring you off" then it is better that you do not use OpenWrt. You have good firmware on your box when it comes from the factory, but if you want more then you can install OpenWrt. If you want just an easy and safe system then why do you even use OpenWrt?

To the host of the "installing-HowTo": I think you could mention the easy-to-use tool putty at the beginning to avoid any misunderstanding. I'm sure there are many people here who want to use this great firmware but who have no experience with Linux. Even for me it took a while to find out that telnet doesn't work.

The OpenWrt project is great but it's held in some "professional-IT" style, so that new and inexperienced users might be frightened when they read of "ssh" and "secured connection". I guess the greater part of the users come from the Windows lifestyle and have no idea how to set up iptables, forwarding, NAT or whatever. The thing I like about Linux is, you CAN do - the thing about Linux I hate is, you must do (not in all but in many distributions). I appreciate software that is set up and configured in a few clicks and where you then can change every variable....

mangoo wrote:

I wonder if we could gain some kilobytes by removing telnetd from busybox :)

Quoted for truth, insight, 'n all that. Passwordless ssh makes it just as obvious that you are insecure as passwordless telnet. Start with ssh, and make telnet an ipkg to save us from the evils of bloated firmware!! ;P (In all seriousness, this isn't a terrible idea. Maybe there could be a change to the banner if the password isn't set, with a big warning "YOU HAVE NOT SET A PASSWORD. THIS LEAVES YOU VULNERABLE" or some such.)

But yea, I don't understand this "telnet is harder than ssh" thing. The login commands are largely the same. The interface is the same (a shell). I don't understand the big deal, nor why you can use telnet in an environment but not ssh.

candlerb wrote:

As for running Windows on your wireless router: perhaps someone at Microsoft with a few spare hours on their hands could take the PocketPC source code and port it? :)

Or get a Microsoft MN-700. This beast runs Windows CE, although it can be reflashed to OpenWRT ;)
