Log in to and manage a remote host (also used to test whether an IP port is reachable)
The telnet command is used to log in to a remote host and manage it. Because telnet transmits messages in clear text, its security is poor. Many Linux servers do not run the telnet service and use the more secure ssh instead. However, many other systems may still offer remote login over telnet, so it is still worth knowing how to use the telnet client.
telnet(options)(parameters)
-8: Allows the use of 8-bit character data, including input and output;
-a: Try to automatically log in to the remote system;
-b<host alias>: Use an alias to specify the remote host name;
-c: Do not read the .telnetrc file in the user-specific directory;
-d: Start debugging mode;
-e<Escape character>: Set the escape character;
-E: Filter out escape characters;
-f: The effect of this parameter is the same as specifying the "-F" parameter;
-F: When using Kerberos V5 authentication, this parameter forwards the authentication data of the local host to the remote host;
-k<domain name>: When using Kerberos authentication, add this parameter to let the remote host use the specified domain name instead of the domain name of the host;
-K: Do not automatically log in to the remote host;
-l<user name>: Specify the user name to log in to the remote host;
-L: Allows output of 8-bit character data;
-n<record file>: Specify a file to record relevant information;
-r: Use a user interface similar to the rlogin command;
-S<service type>: Set the IP TOS information required for the telnet connection;
-x: Use data encryption if the host supports it;
-X<Authentication mode>: Disable the specified authentication mode.
$ telnet 192.168.2.10
Trying 192.168.2.10...
Connected to 192.168.2.10 (192.168.2.10).
Escape character is '^]'.
localhost (Linux release 2.6.18-274.18.1.el5 #1 SMP Thu Feb 9 12:45:44 EST 2012) (1)
login: root
Password:
Login incorrect
Under normal circumstances, root is not allowed to log in remotely. You can log in with a normal account first, and then use su - to switch to the root user.
$ telnet 192.168.188.132
Trying 192.168.188.132...
telnet: connect to address 192.168.188.132: Connection refused
telnet: Unable to connect to remote host
How to handle this situation:
Start the telnet service:
service xinetd restart
Configuration parameters. The usual configuration is as follows:
# Comments are on their own lines: xinetd.conf defines a comment as a line whose first non-blank character is #
service telnet
{
    # enable the service
    disable = no
    # socket can be reused
    flags = REUSE
    # the connection method is TCP
    socket_type = stream
    # start a process for each request
    wait = no
    # the user who starts the service is root
    user = root
    # the process to be activated
    server = /usr/sbin/in.telnetd
    # record the login username when login fails
    log_on_failure += USERID
}
If you want to configure the list of clients allowed to log in, add the following (only 192.168.0.2 is allowed to log in):
only_from = 192.168.0.2
If you want to configure a list of clients that are prohibited from logging in, add the following (prohibits 192.168.0.2, 192.168.0.3 and 192.168.0.4):
no_access = 192.168.0.{2,3,4}
If you want to restrict the hours during which the service is open, add the following (the service is open only during these two periods every day, our working hours :P):
access_times = 9:00-12:00 13:00-17:00
If you have two IP addresses, one a private network address such as 192.168.0.2 and the other a public network address such as 218.75.74.83, and you want users to log in to the telnet service only from the private network, then add
bind = 192.168.0.2
For the specific meaning and syntax of each configuration item, refer to the xinetd configuration file attribute description (man xinetd.conf).
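The restrictions above can be checked mechanically. The script below is an added example, not part of the original page: it reads a service telnet stanza on standard input and reports whether the service is enabled and which of only_from, bind and access_times are missing. The function names and both sample stanzas are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit an xinetd
# "service telnet" stanza read on stdin and print one finding per line.
audit_xinetd_telnet() {
    awk '
        /^[ \t]*#/ { next }                              # skip comment lines
        /^[ \t]*service[ \t]+telnet[ \t]*$/ { in_svc = 1; next }
        in_svc && /^[ \t]*[}]/ { in_svc = 0; seen = 1; next }
        in_svc && /=/ {
            line = $0; sub(/^[ \t]+/, "", line)
            attr = line; sub(/[ \t]*[-+]?=.*/, "", attr)  # name before =, += or -=
            val = line;  sub(/^[^=]*=[ \t]*/, "", val)    # text after the operator
            conf[attr] = val
        }
        END {
            if (!seen) { print "INFO no telnet stanza found"; exit }
            if (conf["disable"] == "yes") { print "OK telnet is disabled"; exit }
            print "WARN telnet enabled: logins cross the network in clear text"
            if (!("only_from" in conf))    print "WARN no only_from: any client address may connect"
            if (!("bind" in conf))         print "WARN no bind: service listens on every interface"
            if (!("access_times" in conf)) print "INFO no access_times: service is open at all hours"
        }'
}

# Constructed sample: the stanza from this page without any restriction.
sample_open() {
    cat <<'EOF'
service telnet
{
    disable         = no
    flags           = REUSE
    socket_type     = stream
    wait            = no
    user            = root
    server          = /usr/sbin/in.telnetd
    log_on_failure  += USERID
}
EOF
}

# Constructed sample: the same stanza with the optional restrictions added.
sample_restricted() {
    sample_open | sed '$d'
    printf '    only_from = 192.168.0.2\n    bind = 192.168.0.2\n'
    printf '    access_times = 9:00-12:00 13:00-17:00\n}\n'
}

sample_open | audit_xinetd_telnet
```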
Configure the port and modify the services file:
# vi /etc/services
Find the following two lines:
telnet 23/tcp
telnet 23/udp
If a line has a # character in front of it, remove it. The default telnet port is 23. This port is also a main target of hacker port scanning, so it is best to change it. The change is simple: replace the number 23 with a larger number, such as 61123. Note that port numbers below 1024 are reserved for Internet services, so it is best not to use them. Also take care not to conflict with the ports of other services.
Start the service:
service xinetd restart