如何关闭 dubbo telnet调试功能

[ywww]

由于安全问题, 需要关闭 dubbo telnet调试功能

[kexianjun]

当前版本似乎没有看到关闭telnet的代码

[tswstarplanet]

由于安全问题, 需要关闭 dubbo telnet调试功能

你是指的telnet之后invoke吗？

[AnyOSR]

我看的2.6.x版本好像没有关闭telnet的代码，可以稍微改下源码然后重新编译一下

[carryxyh]

目前大体情况是，dubbo协议不允许关闭telnet。
rest等协议不支持telnet。

#2033 (comment)

[kexianjun]

支持关闭telnet，我本地有实现过，在下面调用handler.telnet(channel, (String) message)的时候加个配置判断一下，不知道这样是否可行？ @carryxyh

public void received(Channel channel, Object message) throws RemotingException {
        channel.setAttribute(KEY_READ_TIMESTAMP, System.currentTimeMillis());
        ExchangeChannel exchangeChannel = HeaderExchangeChannel.getOrAddChannel(channel);
        try {
            if (message instanceof Request) {
                // handle request.
                Request request = (Request) message;
                if (request.isEvent()) {
                    handlerEvent(channel, request);
                } else {
                    if (request.isTwoWay()) {
                        Response response = handleRequest(exchangeChannel, request);
                        channel.send(response);
                    } else {
                        handler.received(exchangeChannel, request.getData());
                    }
                }
            } else if (message instanceof Response) {
                handleResponse(channel, (Response) message);
            } else if (message instanceof String) {
                if (isClientSide(channel)) {
                    Exception e = new Exception("Dubbo client can not supported string message: " + message + " in channel: " + channel + ", url: " + channel.getUrl());
                    logger.error(e.getMessage(), e);
                } else {
                    String echo = handler.telnet(channel, (String) message);
                    if (echo != null && echo.length() > 0) {
                        channel.send(echo);
                    }
                }
            } else {
                handler.received(exchangeChannel, message);
            }
        } finally {
            HeaderExchangeChannel.removeChannelIfDisconnected(channel);
        }
    }

[carryxyh]

@kexianjun
个人认为可以。可以成为一个临时方案。未来dubbo的telnet功能应该会集成到QOS里，到时候关闭QOS即可。但是目前我在issue列表里看到好多次关闭telnet的问题，我们可以暂时用配置修复它。愿意提交一个PR来解决这个问题么

[kexianjun]

@kexianjun
个人认为可以。可以成为一个临时方案。未来dubbo的telnet功能应该会集成到QOS里，到时候关闭QOS即可。但是目前我在issue列表里看到好多次关闭telnet的问题，我们可以暂时用配置修复它。愿意提交一个PR来解决这个问题么

pls review this pr #2809

[kcysk]

这个功能将会在哪个版本放出来？

[carryxyh]

@kcysk
应该会在2.6.6版本

[kcysk]

👌，谢谢

[beiwei30]

I believe #2925 from @kexianjun should satisfy this particular requirement, to disable telnet, simply configure

<dubbo:protocol name="dubbo" port="20890" telnet="help"/>

In this way, only help is available for executing, and other commands are disabled.

I don't agree with the idea of introducing another flag to control this func. A better way to disable telent should be:

<dubbo:protocol name="dubbo" port="20890" telnet="disabled"/>

Then we can use this magic word disabled in org.apache.dubbo.remoting.telnet.support.TelnetHandlerAdapter to return immediately.

What do you think, Guys?

[kexianjun]

Sure it's better to config <dubbo:protocol name="dubbo" port="20890" telnet="disabled"/> to disable telnet than this pr #2809 of mine.

[carryxyh]

@kexianjun @beiwei30
Maybe we should close the duplicate pr #2809 and fix the doc.
Then we can close this issue.
How do u think?

[kexianjun]

@carryxyh @beiwei30 I've closed this pr #2809. And do we need config like <dubbo:protocol name="dubbo" port="20890" telnet="disabled"/> ?

[TotalForgot]

@kexianjun @beiwei30 Dears, for Dubbo 2.7.6, the configuration does not work anymore. The "disabled" configuration will lead to an exception.
Could you please let us know what should we configure now in 2.7.6 version to disable telnet?

[kexianjun]

@kexianjun @beiwei30 Dears, for Dubbo 2.7.6, the configuration does not work anymore. The "disabled" configuration will lead to an exception.
Could you please let us know what should we configure now in 2.7.6 version to disable telnet?

pls config like the following

<dubbo:protocol name="dubbo" port="20890" telnet="help"/>

and refer to #2795 (comment)

[TotalForgot]

Thanks @kexianjun for your answer.
This means there is currently no possible way of actually disable the telnet listening when starting Dubbo protocol, but we can only limit the number of allowed commands.

[kexianjun]

Thanks @kexianjun for your answer.
This means there is currently no possible way of actually disable the telnet listening when starting Dubbo protocol, but we can only limit the number of allowed commands.

yes