How to disable the telnet console?

Posted on
  • Having an open telnet port the default configuration of the esp8266 is insecure: Anyone with access to your network can take control of your all your esp8266 devices, not even needing a password. IoT botnets are a reality for a few years (e.g. Mirai), I just wonder:
    -Why is this the default configuration?
    -How to disable the telnet port, other than building a custom firmware?

    maze

  • Hi Maze,

    and port 88 is open too, used for OTA.

    not even needing a password

    check E.setPassword, so it depends on the code.

    How to disable the telnet port, other than building a custom firmware?

    you might use this:

    ts = require('TelnetServer');
    // enable telnet 
    ts.setOptions({"mode":"on"})
    // disable telnet
    ts.setOptions({"mode":"off"})
    
  • Thanks for the info about TelnetServer...and what about port 88, is there something similar available?

  • and what about port 88, is there something similar available?

    Disable/Enable ota ist not implemted.

    have a look at ots function sets:

    https://github.com/espruino/Espruino/blo­b/master/libs/network/esp8266/ota.c

    Feel free to implement something like ota.setMode({mode="on|off");

  • I would not implement something like ota.setMode({mode="on|off") because it'll be still insecure if enabled. Signed updates only would be the way to go, but that would require proper key management, that is not comfortable at all - unless it is build into the IDE.
    I'll try to remove all ota.h/ota.c references from the code, and re-compile without.

    Telnet and OTA are nice features for development, that is I have to agree. But they should not go to the wild, unless you want Espruino devices to join Mirai and other botnets. In my opinion they should be disabled in the standard firmware.

  • Remove OTA from firmware will give you 1kB extra heap memory

  • Post a reply
    • Bold
    • Italics
    • Link
    • Image
    • List
    • Quote
    • code
    • Preview
About

How to disable the telnet console?

Posted by Avatar for maze1980 @maze1980

Actions