Use SSH2 instead of telnetpp #5481

Closed
opened 2026-01-31 00:14:23 +00:00 by claunia · 2 comments
Owner

Originally created by @WSLUser on GitHub (Dec 9, 2019).

Description of the new feature/enhancement

Instead of using insecure telnet, why not use ssh? Even devs have to consider security. https://github.com/mscdex/ssh2 seems like a suitable replacement to telnetpp. Granted it's in TS/JS instead of C++ but we already have some JS for windbg so precedent set.

A clear and concise description of what the problem is that the new feature would solve.

Describe why and how a user would use this new functionality (if applicable).

Removes a security vulnerability.

Proposed technical implementation details (optional)

A clear and concise description of what you want to happen.

Have a secure alternative to telnet.

Originally created by @WSLUser on GitHub (Dec 9, 2019). <!-- 🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨 I ACKNOWLEDGE THE FOLLOWING BEFORE PROCEEDING: 1. If I delete this entire template and go my own path, the core team may close my issue without further explanation or engagement. 2. If I list multiple bugs/concerns in this one issue, the core team may close my issue without further explanation or engagement. 3. If I write an issue that has many duplicates, the core team may close my issue without further explanation or engagement (and without necessarily spending time to find the exact duplicate ID number). 4. If I leave the title incomplete when filing the issue, the core team may close my issue without further explanation or engagement. 5. If I file something completely blank in the body, the core team may close my issue without further explanation or engagement. All good? Then proceed! --> # Description of the new feature/enhancement Instead of using insecure telnet, why not use ssh? Even devs have to consider security. https://github.com/mscdex/ssh2 seems like a suitable replacement to telnetpp. Granted it's in TS/JS instead of C++ but we already have some JS for windbg so precedent set. # A clear and concise description of what the problem is that the new feature would solve. Describe why and how a user would use this new functionality (if applicable). Removes a security vulnerability. # Proposed technical implementation details (optional) # A clear and concise description of what you want to happen. Have a secure alternative to telnet.
claunia added the Issue-QuestionNeeds-Tag-FixResolution-Answered labels 2026-01-31 00:14:23 +00:00
Author
Owner

@zadjii-msft commented on GitHub (Dec 9, 2019):

Hey thanks for your concern! The telnet connection added in #3858 isn't really supposed to be a public-facing tool. In fact, it's something that we've only really added for internal testing. We know telnet's not particularly secure, but we have no intention of the public ever using it 😉

@zadjii-msft commented on GitHub (Dec 9, 2019): Hey thanks for your concern! The telnet connection added in #3858 isn't really supposed to be a public-facing tool. In fact, it's something that we've only really added for internal testing. We _know_ telnet's not particularly secure, but we have no intention of the public ever using it 😉
Author
Owner

@DHowett-MSFT commented on GitHub (Dec 9, 2019):

Additionally: the existence of a telnet client is not in itself a security issue.

@DHowett-MSFT commented on GitHub (Dec 9, 2019): Additionally: the existence of a telnet _client_ is not in itself a security issue.
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/terminal#5481