Forum Discussion
NimbostratusAccess issue
We have a requirement for architects to access our BigIPs and verify/validate connectivity. This has worked fine with them having an Auditor role. I've recently upgraded my lower environments to 11.6 and now Auditor users can no longer telnet.
Nov 12 14:32:15 bip notice -tmsh[31137]: 01420002:5: AUDIT - pid=31137 user=***** folder=/Common module=(tmos) status=[Syntax Error: "telnet" unexpected argument] cmd_data=run util telnet
This works fine on units < 11.6.
Is there some way to allow access to telnet? The actual requirement is that the user role allow those in that role to view all the configs and to access telnet, at a minimum (though openssl would be nice too).
Not to put in a dig (actually, specifically, to put in a dig), this is trivial on a NetScaler ;).
4 Replies
What_Lies_Bene1Cirrostratus
Why do they need outbound telnet? Its insecure and no bad thing its gone. The ability to telnet into the box hasn't been there since v9 I think.
If you are using it as a testing tool there are plenty of good alternatives.
- R_Marc
Do tell what these alternatives are. I'm not sure why you suggest telnet is insecure. We are talking about connecting to an IP and port. It's a pretty standard troubleshooting/diagnostic tool, nothing inherently insecure about it.
mimlo_61970Cumulonimbus
I've never used it from tmsh, but I just checked and it is missing from my 11.2.1 system. It's just gone from tmsh, it is still on the system.
I don't have a good solution, but noticed you can 'run util test-monitor' to test a monitor against a specific IP/Port. I suppose you could make a generic TCP monitor that would pass or fail based on the port answering.
- mimlo_61970Just realized that tests external monitors only
