CUPS, Alpine, and printserving

Beartooth Beartooth at swva.net
Sat Nov 1 19:40:21 UTC 2008


On Sun, 02 Nov 2008 05:34:19 +1030, Tim wrote:

> On Sat, 2008-11-01 at 18:08 +0000, Beartooth wrote:
>>         Oho! Then all those who said "get rid of telnet" really
>> *meant* "get rid of telnet-server." Right?
> 
> Yes, but there's more to it than that.  Having a telnet server is a
> security risk.  Using telnet over an open wire is a security risk (what
> you type is not encrypted, so passwords can be snooped on, etc.).
> 
> So, do not use telnet where you don't have to.  But it's certainly a
> useful tool to try and connect to some server to see what it responds
> with.  You can connect to a webserver, etc., using the telnet client,
> and what you do is no riskier than using a web browser.  Just don't type
> confidential stuff when not encrypted.

	Aha : I used it only a little when I did use it (mainly just to 
do remote email at a provider that ran linux); I had no idea it could 
connect to any server but its own; knowing that helps a lot. Many thanks!

>>         So does that mean I should run "yum install telnet" on all
>> machines?
> 
> Only if you want to be able to use the telnet program on them to connect
> to some server.

	Then for the time being, I guess, it should suffice to have only 
the client, only on the machine with the printer. It's installing now.

>> With the server on none?
> 
> I wouldn't install a telnet server anywhere.  You don't need it, as
> you've got plenty of other better options for remote accessing a
> machine, such as SSH.  It's not like we don't have better options that
> we're forced to make do with telnet.

	It is a consolation not to be mistaken at all points, as Gandalf 
says to Gimli in the eaves of Fangorn.

>> What responds to "telnet 192.168.a.b 631" on a machine with no telnet
>> at all?
> 
> A telnet server listens on port 23, by default.  And you could log in
> and have a remote shell through it. 

	That must be what I did in the bad old W98 days, in order to be 
able to run Pine on a linux machine, before I had linux at home. I 
*think* I had a shell there; I certainly did in my last years working, 
when I ran OS/2 on my workstation, but Pine on an AIX machine in the 
basement.

> Without that server, you can't do
> *that*.  But, you can use the telnet client to connect with other types
> of servers (mail, HTTP, etc.), and those servers will be the thing that
> responds.  Some will be useable, some can't really be interacted with in
> a useful manner.

	CUPS being one of the useful ones; that's all I'm likely to try 
for now, since I'm used to running ssh on the LAN at need.

> If you telnet to port 631, it'll be the CUPS server that responds, if it
> can (CUPS has to be working, and allowing connections over the network
> that you're trying to access it).

	If I have a Firefox tab open to it, does that mean it's working? 
I suppose, after the changes I made (yesterday, I think) to the Trusted 
tab on the firewall, it should be.

>> For that matter, what about "ssh 192.168.a.b 631" instead? I am at
>> least relatively familiar with ssh.
> 
> That's not going to work, as CUPS listening on port 631 won't know
> anything about the SSL encryption that SSH uses, and there's a different
> syntax for specifying non-default ports with SSH.
> 
> Telnet is little more than a remote terminal over a network.

	Well, I made my living on one of those for years, cataloging 
foreign language materials into a library. This may be easier than I was 
beginning to expect. Many many thanks!

=====		=====		=====
	Oops! I just got this (edited slightly) : 

[btth at Hbsk2 ~]$ telnet 192.168.a.b 631
Trying 192.168.a.b...
telnet: connect to address 192.168.a.b: No route to host
[btth at Hbsk2 ~]$ 
=====   	=====		=====

	Fwiw, ssh from this machine to that one did work.

-- 
Beartooth Staffwright, PhD, Neo-Redneck Linux Convert
Remember I know precious little of what I am talking about.




More information about the fedora-list mailing list