The telnet-server
package can be removed with the following command:
$ sudo dnf remove telnet-server
It is detrimental for operating systems to provide, or install by default,
functionality exceeding requirements or mission objectives. These
unnecessary capabilities are often overlooked and therefore may remain
unsecure. They increase the risk to the platform by providing additional
attack vectors.
The telnet service provides an unencrypted remote access service which does
not provide for the confidentiality and integrity of user passwords or the
remote session. If a privileged user were to login using this service, the
privileged user password could be compromised.
Removing the telnet-server package decreases the risk of the
telnet service's accidental (or intentional) activation.
The telnet client allows users to start connections to other systems via the telnet protocol.
The telnet protocol is insecure and unencrypted. The use of an unencrypted transmission medium could allow an unauthorized user to steal credentials. The ssh package provides an encrypted session and stronger security and is included in Fedora.
The telnet daemon, even with ssl support, should be uninstalled.
telnet, even with ssl support, should not be installed. When remote shell is required, up-to-date ssh daemon can be used.
The telnet daemon should be uninstalled.
telnet allows clear text communications, and does not protect any data transmission between client and server. Any confidential data can be listened and no integrity checking is made.'
Make sure that the activation of the telnet service on system boot is disabled.
The telnet
socket can be disabled with the following command:
$ sudo systemctl mask --now telnet.socket
The telnet protocol uses unencrypted network communication, which means that data from the login session, including passwords and all other information transmitted during the session, can be stolen by eavesdroppers on the network. The telnet protocol is also subject to man-in-the-middle attacks.