Projects / Paranoid TelnetD

Paranoid TelnetD

Paranoid TelnetD is written in straight C with few dependencies. It is intended for use with embedded or legacy devices (like the hand-scanners used in warehouses) that communicate via telnet. It features: 'telnet only' user accounts, separate from the system authentication (so only the specified usernames/passwords can login via telnet, and only via telnet); user, IP address, and MAC address whitelisting/blacklisting; chrooting with 'bind mounts' to allow access to certain directories under the chroot jail; and 'honeypot mode' in which all authentication fails and all events are logged at syslog 'crit' level.

Operating Systems

Recent releases

  •  13 Jun 2014 10:40

    Release Notes: The 'shell' entry in authentication files is now honored, so you can specify a per-user shell. Changes were made to support compilation in multilib environments. A ptsname crash in some environments was fixed.

    •  03 Apr 2014 21:29

      Release Notes: This release adds a simple "challenge/response" authentication system, and some minor bugfixes and tidying up.

      •  30 Mar 2014 17:33

        Release Notes: This release adds IPv6 support, fixes segfaults, provides more conservative use of file descriptors, and makes Shadow MD5 passwords work.

        •  13 Feb 2014 18:51

          Release Notes: This is the initial release.

          Recent comments

          25 Mar 2014 14:23 ColumPaget

          # I tried --- ptelnetd -i lo -A shadow,pam --- but I can't get a user to
          # authenticate and log in.

          That should work. The one time I've had a problem with this, it's been because there wasn't a 'telnetd' or 'other' entry set up in /etc/pam.d

          I'll do some experiments with it, particularly with shadow authentication, which I don't often use.

          If you run ptelnetd --help you should see an email address where we can discuss things further.


          24 Mar 2014 20:41 jwramseyjr

          I am trying to use ptelnetd in a very simple way.

          I just want to restrict access to the lo (loopback) interface.

          I tried --- ptelnetd -i lo -A shadow,pam --- but I can't get a user to authenticate and log in.

          I am running openSUSE 13.1 as a test bed, but I eventually hope to run on AIX.

          I'm sure I missed something obvious. What is it?


          Project Spotlight


          A Fluent OpenStack client API for Java.


          Project Spotlight

          TurnKey TWiki Appliance

          A TWiki appliance that is easy to use and lightweight.