Security Portal: Why do vendors ship us junk they wouldn't use? | Linux Today

Security Portal: Why do vendors ship us junk they wouldn’t use?

Written By
Web Webster
Web Webster
Jul 5, 2000

“This is something I have been thinking about off and on for a
while. Why do vendors ship software that they themselves won’t use?
Most Linux vendors ship the same general packages – Sendmail
for SMTP mail services, WuFTPD for FTP, Telnet for remote access
and so on. The kicker, though, is that most of these vendors use
different software on their servers….

“Telnet:
This one just makes me angry. Does anyone honestly think that
vendors are using Telnet to access their servers and conduct remote
administration? OpenSSH is extremely mature and rock solid on Linux
– numerous packages are available and many free Windows clients, as
well (several Java ones, too). Linux vendors should adopt the
OpenBSD policy: OpenSSH is installed and enabled by default, Telnet
is installed but not enabled by default.”

“It would be a cinch for non-U.S. distributions to include
OpenSSH, and U.S.-based distributions could find several easy ways
around it (e.g., ftp.redhat.de has up-to-date OpenSSH rpm’s for
most major releases of Red Hat Linux). If OpenSSH is not available
during initial install (the user does not have access to a network,
for example) it should be easy to obtain post-install. The OpenSSL
and OpenSSH binaries combined are only around 1.1 megabytes; even
on a slow dialup link, this download would take no more then 10
minutes (and I do mean a slow dialup link).”

“Telnet is completely broken. It cannot be fixed. Even the use
of one-time password schemes still leaves Telnet vulnerable to
session hijacking.”

Complete
Story

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.