R_Marc_77962
Nov 12, 2014

Access issue

We have a requirement for architects to access our BigIPs and verify/validate connectivity. This has worked fine with them having an Auditor role. I've recently upgraded my lower environments to 11.6 and now Auditor users can no longer telnet.

Nov 12 14:32:15 bip notice -tmsh[31137]: 01420002:5: AUDIT - pid=31137 user=***** folder=/Common module=(tmos) status=[Syntax Error: "telnet" unexpected argument] cmd_data=run util telnet

This works fine on units < 11.6.

Is there some way to allow access to telnet? The actual requirement is that the user role allow those in that role to view all the configs and to access telnet, at a minimum (though openssl would be nice too).

Not to put in a dig (actually, specifically, to put in a dig), this is trivial on a NetScaler ;).

4 Replies

  • Why do they need outbound telnet? It's insecure and no bad thing it's gone. The ability to telnet into the box hasn't been there since v9 I think.

    If you are using it as a testing tool there are plenty of good alternatives.

  • R_Marc

    Do tell what these alternatives are. I'm not sure why you suggest telnet is insecure. We are talking about connecting to an IP and port. It's a pretty standard troubleshooting/diagnostic tool, nothing inherently insecure about it.

  • I've never used it from tmsh, but I just checked and it is missing from my 11.2.1 system. It's just gone from tmsh; it is still on the system.

    I don't have a good solution, but noticed you can 'run util test-monitor' to test a monitor against a specific IP/Port. I suppose you could make a generic TCP monitor that would pass or fail based on the port answering.