As to the TELNET and FTP to historic discussion, may I add, for your
consideration:

TELNET and FTP are not the most suitable protocols anymore for today's
hostile environment that is the Internet.
Easy to use on a Windows machine, a penguin box or a Mac.

However, there are plenty of cases where "just use SSH" does not work:

* Think embedded controllers with limited resources, like small
  micro-controllers. "But you should just use a bigger controller, it
  is not 1980 anymore" - some controllers live in an environment that
  needs to be kept on-temperature with an accuracy of one thousandth
  of a degree and there, self-heating micro-controllers are something
  you really do *not* want. Other electronics work in a vacuum
  environment and suddenly, cooling of self-heating electronics is
  more involved.

* Other controllers have strict real-time response requirements, for
  instance because they control movements of very heavy objects with an
  acceleration of many G's. On those, a debug facility using telnet
  can be added w/o too much issue, however just think of the processing
  power required to do knapsack re-keying to do an "SSH session
  re-key": if a board is doing real-time stuff then you do NOT want
  something compute-intensive competing with the controller job.

* And in some cases, SSH doesn't bring anything. Encryption only makes
  sense if the integrity of the resulting connection can be verified,
  which means a way to check, upfront, if the host key of the
  connection is valid. Now, assume that an embedded controller needs
  to be replaced. That leaves several scenarios: One scenario is that
  the SSH host key is pinned and the same on all controllers of the
  same type (and hence predictable, and hence SSH pointless).
  Another scenario is that the SSH key is board specific and hence,
  changes when the board is replaced, but then how does one verify the
  new host key of the replacement board? If there is no way to verify
  the host key, then integrity cannot be checked and hence again SSH
  is pointless.

  Keep in mind that these environments do NOT have DNS, and perhaps
  you don't want dependency on services like DNS if one second of
  machine downtime costs as much as USD 50 per second. I am not
  kidding, and my number is conservative.

The above is the complex-machine, industrial world I live in. And for
those who think this is academic, the machines I talk about are used to
create the processors, memory and the other semiconductors of the
computer you use to read this email (among others).

May I ask that if we do a "move to historic" action, we qualify this to
the public Internet only and explicitly put up a disclaimer that for
embedded environments, requirements may be different and TELNET and FTP
may be appropriate, perhaps more appropriate than "just use SSH" and
hence TELNET/FTP clients and servers have a use in these environments?

For your consideration,

Geert Jan

(explicitly speaking my own opinion here, hence not mentioning machine
names)