Telnetd-ssl: any idea to fix this error?

puppurlu · February 21, 2025, 5:28pm

Debian release a very interesting telnet version with ssl, is possible to use telnet as an alternative to reach the router in case sshd crash or for some other reason don't work, as emergency. I have tried to compile it using Debian sources and patches.

https://packages.debian.org/sid/telnetd-ssl

And using openwrt sdk on Debian host this is the result (the deps ncurses and ssl are installed)


make[2]: Entering directory '/root/openwrt-sdk-lantiq-xrx200_gcc-13.3.0_musl.Linux-x86_64/package/telnetd-ssl'
rm -f /root/openwrt-sdk-lantiq-xrx200_gcc-13.3.0_musl.Linux-x86_64/build_dir/target-mips_24kc_musl/netkit-telnet-0.17/.built
touch /root/openwrt-sdk-lantiq-xrx200_gcc-13.3.0_musl.Linux-x86_64/build_dir/target-mips_24kc_musl/netkit-telnet-0.17/.built_check
MAKEFLAGS="" /root/openwrt-sdk-lantiq-xrx200_gcc-13.3.0_musl.Linux-x86_64/staging_dir/host/bin/ninja  -j1 -C /root/openwrt-sdk-lantiq-xrx200_gcc-13.3.0_musl.Linux-x86_64/build_dir/target-mips_24kc_musl/netkit-telnet-0.17 
ninja: Entering directory `/root/openwrt-sdk-lantiq-xrx200_gcc-13.3.0_musl.Linux-x86_64/build_dir/target-mips_24kc_musl/netkit-telnet-0.17'
[1/12] Building C object telnetd/CMakeFiles/in.telnetd.dir/setproctitle.c.o
FAILED: telnetd/CMakeFiles/in.telnetd.dir/setproctitle.c.o 
/root/openwrt-sdk-lantiq-xrx200_gcc-13.3.0_musl.Linux-x86_64/staging_dir/toolchain-mips_24kc_gcc-13.3.0_musl/bin/mips-openwrt-linux-musl-gcc  -I/root/openwrt-sdk-lantiq-xrx200_gcc-13.3.0_musl.Linux-x86_64/build_dir/target-mips_24kc_musl/netkit-telnet-0.17/telnetd/.. -I/usr/include/openssl -Os -pipe -mno-branch-likely -mips32r2 -mtune=24kc -fno-caller-saves -fno-plt -fhonour-copts -msoft-float -ffile-prefix-map=/root/openwrt-sdk-lantiq-xrx200_gcc-13.3.0_musl.Linux-x86_64/build_dir/target-mips_24kc_musl/netkit-telnet-0.17=netkit-telnet-0.17 -mips16 -minterlink-mips16 -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro     -D_GNU_SOURCE     -Ddebian     -DACCEPT_USERVAR     -DSSL_LOG_FILE='"/var/tmp/telnetd.log"'     -Wall     -Wno-trigraphs      -DISSUE_FILE='"/etc/issue.net"'     -DPARANOID_TTYS     -DNO_REVOKE     -DKLUDGELINEMODE     -DDIAGNOSTICS     -DAUTHENTICATE     -DLOGIN_WRAPPER='"/usr/lib/telnetlogin"'     -DUSE_SSL  -DNDEBUG -MD -MT telnetd/CMakeFiles/in.telnetd.dir/setproctitle.c.o -MF telnetd/CMakeFiles/in.telnetd.dir/setproctitle.c.o.d -o telnetd/CMakeFiles/in.telnetd.dir/setproctitle.c.o -c /root/openwrt-sdk-lantiq-xrx200_gcc-13.3.0_musl.Linux-x86_64/build_dir/target-mips_24kc_musl/netkit-telnet-0.17/telnetd/setproctitle.c
/root/openwrt-sdk-lantiq-xrx200_gcc-13.3.0_musl.Linux-x86_64/build_dir/target-mips_24kc_musl/netkit-telnet-0.17/telnetd/setproctitle.c: In function 'initsetproctitle':
/root/openwrt-sdk-lantiq-xrx200_gcc-13.3.0_musl.Linux-x86_64/build_dir/target-mips_24kc_musl/netkit-telnet-0.17/telnetd/setproctitle.c:89:9: error: '__environ' undeclared (first use in this function); did you mean 'environ'?
   89 |         __environ = (char **) malloc(sizeof (char *) * (i + 1));
      |         ^~~~~~~~~
      |         environ
/root/openwrt-sdk-lantiq-xrx200_gcc-13.3.0_musl.Linux-x86_64/build_dir/target-mips_24kc_musl/netkit-telnet-0.17/telnetd/setproctitle.c:89:9: note: each undeclared identifier is reported only once for each function it appears in
ninja: build stopped: subcommand failed.
make[2]: *** [Makefile:62: /root/openwrt-sdk-lantiq-xrx200_gcc-13.3.0_musl.Linux-x86_64/build_dir/target-mips_24kc_musl/netkit-telnet-0.17/.built] Error 1
make[2]: Leaving directory '/root/openwrt-sdk-lantiq-xrx200_gcc-13.3.0_musl.Linux-x86_64/package/telnetd-ssl'
time: package/telnetd-ssl/compile#0.19#0.10#0.22
    ERROR: package/telnetd-ssl failed to build.
make[1]: *** [package/Makefile:189: package/telnetd-ssl/compile] Error 1
make[1]: Leaving directory '/root/openwrt-sdk-lantiq-xrx200_gcc-13.3.0_musl.Linux-x86_64'
make: *** [/root/openwrt-sdk-lantiq-xrx200_gcc-13.3.0_musl.Linux-x86_64/include/toplevel.mk:226: package/telnetd-ssl/compile] Errore 2

puppurlu · February 21, 2025, 5:31pm

This is the makefile (the install part has to fix)

include $(TOPDIR)/rules.mk

PKG_NAME:=telnetd-ssl
PKG_VERSION:=0.17.41
PKG_RELEASE:=1


PKG_SOURCE:=netkit-telnet-ssl_0.17.41+really0.17.orig.tar.gz
PKG_SOURCE_URL:=http://deb.debian.org/debian/pool/main/n/netkit-telnet-ssl
PKG_HASH:=9c80d5c7838361a328fb6b60016d503def9ce53ad3c589f3b08ff71a2bb88e00

PKG_MAINTAINER:=Me
PKG_LICENSE:=GPL-3.0-or-later
PKG_LICENSE_FILES:=COPYING
PKG_BUILD_DIR=$(BUILD_DIR)/netkit-telnet-0.17
CMAKE_INSTALL:=1

include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/nls.mk
include $(INCLUDE_DIR)/cmake.mk


define Package/telnetd-ssl
  SECTION:=net
  CATEGORY:=Network
  DEPENDS:=+libopenssl
  TITLE:=Telnet with ssl support
  URL:=http://deb.debian.org/debian/pool/main/n/netkit-telnet-ssl
endef

CMAKE_OPTIONS += \
	-DCMAKE_INSTALL_PREFIX=/usr \
        -DCMAKE_INSTALL_MANDIR=/usr/man

define Package/telnetd-ssl/install
	$(INSTALL_DIR) $(1)/usr/bin
	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/telnetd-ssl $(1)/usr/bin
	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/telnetd-ssl-{smsd,smsd-
endef

$(eval $(call BuildPackage,telnetd-ssl))

brada4 · February 21, 2025, 5:33pm

Does it build on native alpine linux (musl)?

puppurlu · February 21, 2025, 5:33pm

I have to try it. But I don't know how to start, I have to make the same things of Debian( installing sdk, deps, etc)?

brada4 · February 21, 2025, 5:34pm

Thats the easiest way to rule out glibc-isms.

puppurlu · February 21, 2025, 5:35pm

I will try next days. Starting from now

puppurlu · February 21, 2025, 7:32pm

Give me this error

-- The C compiler identification is GNU 14.2.0
-- The CXX compiler identification is unknown
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - failed
-- Check for working C compiler: /usr/bin/cc
-- Check for working C compiler: /usr/bin/cc - broken
CMake Error at /usr/share/cmake/Modules/CMakeTestCCompiler.cmake:67 (message):
  The C compiler

    "/usr/bin/cc"

  is not able to compile a simple test program.

  It fails with the following output:

    Change Dir: '/root/telnetd-ssl/netkit-telnet-0.17/CMakeFiles/CMakeScratch/TryCompile-pNkecK'
    
    Run Build Command(s): /usr/bin/cmake -E env VERBOSE=1 /usr/bin/gmake -f Makefile cmTC_4578f/fast
    /usr/bin/gmake  -f CMakeFiles/cmTC_4578f.dir/build.make CMakeFiles/cmTC_4578f.dir/build
    gmake[1]: Entering directory '/root/telnetd-ssl/netkit-telnet-0.17/CMakeFiles/CMakeScratch/TryCompile-pNkecK'
    Building C object CMakeFiles/cmTC_4578f.dir/testCCompiler.c.o
    /usr/bin/cc    -o CMakeFiles/cmTC_4578f.dir/testCCompiler.c.o -c /root/telnetd-ssl/netkit-telnet-0.17/CMakeFiles/CMakeScratch/TryCompile-pNkecK/testCCompiler.c
    Linking C executable cmTC_4578f
    /usr/bin/cmake -E cmake_link_script CMakeFiles/cmTC_4578f.dir/link.txt --verbose=1
    /usr/bin/cc CMakeFiles/cmTC_4578f.dir/testCCompiler.c.o -o cmTC_4578f
    /usr/lib/gcc/x86_64-alpine-linux-musl/14.2.0/../../../../x86_64-alpine-linux-musl/bin/ld: cannot find Scrt1.o: No such file or directory
    /usr/lib/gcc/x86_64-alpine-linux-musl/14.2.0/../../../../x86_64-alpine-linux-musl/bin/ld: cannot find crti.o: No such file or directory
    /usr/lib/gcc/x86_64-alpine-linux-musl/14.2.0/../../../../x86_64-alpine-linux-musl/bin/ld: cannot find -lssp_nonshared: No such file or directory
    collect2: error: ld returned 1 exit status
    gmake[1]: *** [CMakeFiles/cmTC_4578f.dir/build.make:102: cmTC_4578f] Error 1
    gmake[1]: Leaving directory '/root/telnetd-ssl/netkit-telnet-0.17/CMakeFiles/CMakeScratch/TryCompile-pNkecK'
    gmake: *** [Makefile:133: cmTC_4578f/fast] Error 2
    
    

  

  CMake will not be able to correctly generate this project.
Call Stack (most recent call first):
  CMakeLists.txt:2 (project)


CMake Error at CMakeLists.txt:2 (project):
  No CMAKE_CXX_COMPILER could be found.

  Tell CMake where to find the compiler by setting either the environment
  variable "CXX" or the CMake cache entry CMAKE_CXX_COMPILER to the full path
  to the compiler, or to the compiler name if it is in the PATH.


-- Configuring incomplete, errors occurred!

puppurlu · February 21, 2025, 7:38pm

I install all deps required (patch, gcc, cmake, libgc++, musl-dev, g++, ncurses-dev, openssl-dev)

and give me this error

make[2]: Entering directory '/root/telnetd-ssl/netkit-telnet-0.17'
[ 67%] Building C object telnetd/CMakeFiles/in.telnetd.dir/global.c.o
cd /root/telnetd-ssl/netkit-telnet-0.17/telnetd && /usr/bin/cc  -I/root/telnetd-ssl/netkit-telnet-0.17/telnetd/.. -I/usr/include/openssl -D_GNU_SOURCE     -Ddebian     -DACCEPT_USERVAR     -DSSL_LOG_FILE='"/var/tmp/telnetd.log"'     -Wall     -Wno-trigraphs      -DISSUE_FILE='"/etc/issue.net"'     -DPARANOID_TTYS     -DNO_REVOKE     -DKLUDGELINEMODE     -DDIAGNOSTICS     -DAUTHENTICATE     -DLOGIN_WRAPPER='"/usr/lib/telnetlogin"'     -DUSE_SSL  -MD -MT telnetd/CMakeFiles/in.telnetd.dir/global.c.o -MF CMakeFiles/in.telnetd.dir/global.c.o.d -o CMakeFiles/in.telnetd.dir/global.c.o -c /root/telnetd-ssl/netkit-telnet-0.17/telnetd/global.c
[ 70%] Building C object telnetd/CMakeFiles/in.telnetd.dir/setproctitle.c.o
cd /root/telnetd-ssl/netkit-telnet-0.17/telnetd && /usr/bin/cc  -I/root/telnetd-ssl/netkit-telnet-0.17/telnetd/.. -I/usr/include/openssl -D_GNU_SOURCE     -Ddebian     -DACCEPT_USERVAR     -DSSL_LOG_FILE='"/var/tmp/telnetd.log"'     -Wall     -Wno-trigraphs      -DISSUE_FILE='"/etc/issue.net"'     -DPARANOID_TTYS     -DNO_REVOKE     -DKLUDGELINEMODE     -DDIAGNOSTICS     -DAUTHENTICATE     -DLOGIN_WRAPPER='"/usr/lib/telnetlogin"'     -DUSE_SSL  -MD -MT telnetd/CMakeFiles/in.telnetd.dir/setproctitle.c.o -MF CMakeFiles/in.telnetd.dir/setproctitle.c.o.d -o CMakeFiles/in.telnetd.dir/setproctitle.c.o -c /root/telnetd-ssl/netkit-telnet-0.17/telnetd/setproctitle.c
/root/telnetd-ssl/netkit-telnet-0.17/telnetd/setproctitle.c: In function 'initsetproctitle':
/root/telnetd-ssl/netkit-telnet-0.17/telnetd/setproctitle.c:89:9: error: '__environ' undeclared (first use in this function); did you mean 'environ'?
   89 |         __environ = (char **) malloc(sizeof (char *) * (i + 1));
      |         ^~~~~~~~~
      |         environ
/root/telnetd-ssl/netkit-telnet-0.17/telnetd/setproctitle.c:89:9: note: each undeclared identifier is reported only once for each function it appears in
make[2]: *** [telnetd/CMakeFiles/in.telnetd.dir/build.make:96: telnetd/CMakeFiles/in.telnetd.dir/setproctitle.c.o] Error 1
make[2]: Leaving directory '/root/telnetd-ssl/netkit-telnet-0.17'
make[1]: *** [CMakeFiles/Makefile2:209: telnetd/CMakeFiles/in.telnetd.dir/all] Error 2
make[1]: Leaving directory '/root/telnetd-ssl/netkit-telnet-0.17'
make: *** [Makefile:139: all] Error 2

puppurlu · February 21, 2025, 7:39pm

I have replace __environ with environ as make suggest, new error now

ENTICATE     -DLOGIN_WRAPPER='"/usr/lib/telnetlogin"'     -DUSE_SSL  -MD -MT telnetd/CMakeFiles/in.telnetd.dir/sys_term.c.o -MF CMakeFiles/in.telnetd.dir/sys_term.c.o.d -o CMakeFiles/in.telnetd.dir/sys_term.c.o -c /root/telnetd-ssl/netkit-telnet-0.17/telnetd/sys_term.c
/root/telnetd-ssl/netkit-telnet-0.17/telnetd/sys_term.c: In function 'cleanup':
/root/telnetd-ssl/netkit-telnet-0.17/telnetd/sys_term.c:747:9: error: implicit declaration of function 'logout' [-Wimplicit-function-declaration]
  747 |     if (logout(p)) logwtmp(p, "", "");
      |         ^~~~~~
/root/telnetd-ssl/netkit-telnet-0.17/telnetd/sys_term.c:747:20: error: implicit declaration of function 'logwtmp' [-Wimplicit-function-declaration]
  747 |     if (logout(p)) logwtmp(p, "", "");
      |                    ^~~~~~~
make[2]: *** [telnetd/CMakeFiles/in.telnetd.dir/build.make:138: telnetd/CMakeFiles/in.telnetd.dir/sys_term.c.o] Error 1
make[2]: Leaving directory '/root/telnetd-ssl/netkit-telnet-0.17'
make[1]: *** [CMakeFiles/Makefile2:209: telnetd/CMakeFiles/in.telnetd.dir/all] Error 2
make[1]: Leaving directory '/root/telne

brada4 · February 21, 2025, 7:47pm

Thats from -lpam .... By now id have given up...

puppurlu · February 21, 2025, 8:57pm

Seems the two functions are not defined anywhere on AlpineLinux


/* Write the utmp entry to say the user on UT_LINE has logged out.  */
extern int logout (const char *__ut_line) __THROW;

/* Append to wtmp an entry for the current time and the given info.  */
extern void logwtmp (const char *__ut_line, const char *__ut_name,
                     const char *__ut_host) __THROW;

tryng to insert in on header file make only a lot of errors

puppurlu · February 21, 2025, 9:00pm

If I remove the cleanup function and all references the program compile.
Now I try if work

brada4 · February 21, 2025, 9:13pm

Whats wrong with ssh

puppurlu · February 21, 2025, 9:25pm

Nothing. But I have problems with it when upgrade openwrt version sometimes

telnetd-ssl can make a good alternative when ssh don't work
you can also debug ssh and know why don't work with a shell session

puppurlu · February 21, 2025, 9:28pm

Returning to telnetd on alpine Linux works..but not with ssl
I also tried to enable all debug options but syslog don't report anything


`telnet stream tcp nowait root /usr/sbin/telnetd telnetd -z cert=/etc/ssl/certs/alpine.priv.crt -z key=/etc/ssl/private/alpine.priv.key -L /usr/bin/telnetlogin -z secure -z certsok  -a debug -z debug -edebug`

telnet 192.168.201.199
Trying 192.168.201.199...
telnet: Unable to connect to remote host: Connection refused

disabling the ssl options (-z) works

but not encrypted!

EDIT: works using the correct path

telnet stream tcp nowait root /usr/sbin/in.telnetd telnetd -L /usr/bin/telnetlogin -z cacert=/etc/ssl/certs/my.priv.crt -z cert=/etc/ssl/certs/alpine1.priv.crt -z key=/etc/ssl/private/alpine1.priv.key -z secure -z certsok

brada4 · February 21, 2025, 9:31pm

You can run inetd command directly.

puppurlu · February 21, 2025, 9:36pm

IT WORKS!


Trying 192.168.201.199...
Connected to 192.168.201.199.
Escape character is '^]'.
[SSL - attempting to switch on SSL]
[SSL - handshake starting]
[SSL - OK]

Linux 6.12.15-0-lts (alpine1.rosso.priv) (1)

alpine1 login: myuser
Password: 
Welcome to Alpine!

The Alpine Wiki contains a large amount of how-to guides and general
information about administrating Alpine systems.
See <https://wiki.alpinelinux.org/>.

You can setup the system with the command: setup-alpine

You may change this message by editing /etc/motd.

alpine1:~$

So the solution was to remove the function undefined on this system and all references to it
The software works fine, but when you close the session it freeze after logout (a workaround is escape+exit)

brada4 · February 21, 2025, 9:38pm

Make your changes into a patch, add patch directory with patch file and maybe -Wall needs 2 more changes.
btw you can get ssh in failsafe...

puppurlu · February 21, 2025, 9:39pm

Only the problem, at logout stuck

"
alpine1:~$
logout

"

Secure related to remove of "cleanup" function

But there is a good workaround

use escape ^]
then exit

puppurlu · February 21, 2025, 9:40pm

I will try it tomorrow hope works also on sdk