telnet vcenter

Is there any genuine reason why you would need telnet service running on a 2008 server that runs the vcenter application?
pma111 Asked:

dipopo Commented:
Telnet server or Telnet client? The server seems un-needed but the client can be useful for troubleshooting firewall port related issues with any of the required ports:

80/443
8080/8443
902
60099
389
636
0
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
No, there is no reason to telnet to vCenter Server.
0
pma111 (Author) Commented:
TlntSvr
0

Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
There is no reason to have a telnet server running on the vCenter Server.

It's certainly not a VMware Requirement.
0

dipopo Commented:
While there is no reason to telnet to vCenter Server, hence why the telnet server is un-needed, there is however a need (troubleshooting) to telnet from a vCenter Server.

Some environments implement firewalls within their internal network (an existing firewall between vCenter and hosts).

One can run the telnet client to troubleshoot in the event of port related issues.
0
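The outbound port test described in the comment above does not require the Telnet client either. As an added example that is not part of the original posts, this PowerShell script tries a TCP connection to each port from the list earlier in the thread; the target host name and the timeout are placeholders, and it avoids cmdlets that are missing on Server 2008.

```powershell
# Added example: outbound TCP reachability test without the Telnet client.
# The host name is a placeholder; the ports are the ones listed in the thread.
param(
    [string]$TargetHost = 'esxi01.example.local',
    [int[]]$Ports = @(80, 443, 8080, 8443, 902, 60099, 389, 636),
    [int]$TimeoutMs = 2000
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)

    $client = New-Object System.Net.Sockets.TcpClient
    # No answer inside the timeout usually means a firewall dropped the SYN.
    $status = 'No response (filtered?)'
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            try {
                $client.EndConnect($async)   # throws if the connect failed
                $status = 'Open'
            } catch {
                # Typically an active refusal: host reachable, nothing listening.
                $status = 'Failed: ' + $_.Exception.Message
            }
        }
    } catch {
        $status = 'Error: ' + $_.Exception.Message   # e.g. name resolution
    } finally {
        $client.Close()
    }

    New-Object PSObject -Property @{
        Target = $ComputerName
        Port   = $Port
        Status = $status
    }
}

$Ports |
    ForEach-Object { Test-TcpPort -ComputerName $TargetHost -Port $_ -TimeoutMs $TimeoutMs } |
    Select-Object Target, Port, Status |
    Format-Table -AutoSize
```

A refused connection and a timeout point at different causes: the first means the packet reached the host, the second suggests it was dropped on the way.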
pma111 (Author) Commented:
I assume the service is needed to telnet to or from the system? I.e. no way to limit the service just so it can be used only for telnet'ing elsewhere, as opposed to remote clients using it to telnet to the system?
0
pma111 (Author) Commented:
Or is it just the telnet client that is needed to telnet to other systems from the vCenter server, i.e. a different service altogether?
0
dipopo Commented:
Telnet server - In
Telnet Client - Out
0
pma111 (Author) Commented:
So as you say it is completely pointless then to have telnet server running on the vcenter server.
0
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
It's certainly not a requirement by VMware, or VMware vCenter Server, and could be regarded as a high security risk, or back door.

I would ask your Administrators WHY you have a Telnet Server running on a secure server,

as telnet passwords are clear text!
0
pma111 (Author) Commented:
Is that the risk with telnet though - eavesdropping? I.e. someone capturing plain text passwords sent over telnet? I wasn't sure if it gave you some form of access to certain resources on the server without having to enter local/domain credentials. I guess eavesdropping is lower risk in a private network?
0
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
That's a small risk.

But it could be a standalone telnet server with a username and password of

username - donaldduck password - letmein

which is not being authenticated to Active Directory or Local Machine, no audit tracking, and someone can get onto your server or LAN.

Once on your server, they could obtain the hashes to local passwords, decrypt them, and then log in to vCenter Server, access your VMs, and shut them all down, done!

or DELETE THEM ALL!

Telnet Server is not installed by Default as part of a Windows 2008 R2 Build, the feature has to be added separately.
0
pma111 (Author) Commented:
Interesting. If it's a standalone telnet server, when you add a username/password, what type of account are these? I.e. if I remote onto a server using RDP, that's via domain or local Windows username/passwords; if I remote onto a SQL server, that's using either SQL authentication login details again or Windows authentication.

From the above it sounded like you were alluding to separate telnet usernames/passwords, which aren't domain or local type accounts?
0
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
You will need to check the configuration of the telnet server, if they are local or domain accounts, and which telnet server service is installed.

"From the above it sounded like you were alluding to separate telnet usernames/passwords, which aren't domain or local type accounts?"

That is correct.
0
pma111 (Author) Commented:
Where would those accounts be stored/hashed?

I.e. local accounts SAM/SYSTEM

domain accounts NTDS.DIT

Where do the telnet accounts reside? Do they have a specific name? The name of the service is called tlntsvr.exe.
0
pma111 (Author) Commented:
When you mentioned they were "plain text" I wasn't sure if the transit of them was plain text, or whether there is residue on the server of the actual passwords in plain text perhaps in logs, i.e. not hashed/encrypted.
0
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
Telnet transmits passwords in clear text.

Some telnet servers store passwords in clear text.

If this is the Windows Telnet Service, accounts are Local or AD.
0
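To answer "which telnet server service is installed" on a given machine, the checks discussed in the thread can be scripted. This is an added example, not part of the original posts: it inspects the TlntSvr service named by the asker, compares its binary path with the built-in Windows location, looks for a listener on the default Telnet port, and lists the local TelnetClients group that the Windows Telnet service uses to grant logon to non-administrators. The `-Disable` switch is a hypothetical parameter of this script.

```powershell
# Added example: audit the Telnet Server service (TlntSvr) on this machine.
# Run from an elevated PowerShell prompt.
param([switch]$Disable)   # hypothetical switch: also stop and disable the service

$svc = Get-WmiObject -Class Win32_Service -Filter "Name='TlntSvr'"
if (-not $svc) {
    Write-Output 'TlntSvr is not installed on this server.'
    return
}

# State shows whether it runs now; StartMode shows whether it returns after reboot.
$svc | Select-Object Name, State, StartMode, StartName, PathName | Format-List

# The built-in Windows service binary lives in System32. Any other path means
# a different Telnet server is registered under this service name, and its
# account store has to be checked in that product's own configuration.
$expected = Join-Path $env:SystemRoot 'System32\tlntsvr.exe'
$actual   = $svc.PathName.Trim('"')
if ($actual -notlike "$expected*") {
    Write-Warning "Unexpected service binary: $actual"
}

# Listener check on the default Telnet port (TCP 23).
$listeners = netstat -ano | Select-String -Pattern ':23\s+\S+\s+LISTENING'
if ($listeners) {
    $listeners | ForEach-Object { $_.Line.Trim() }
} else {
    Write-Output 'Nothing is listening on TCP 23.'
}

# Accounts allowed to log on through the Windows Telnet service, besides
# administrators. The group exists only where the feature was installed.
net localgroup TelnetClients 2>$null

if ($Disable) {
    Stop-Service -Name TlntSvr -Force
    Set-Service -Name TlntSvr -StartupType Disabled
}
```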