TrumanWong

telnet

Log in to and manage a remote host (also used to test whether an IP port is reachable)

Additional notes

The telnet command is used to log in to a remote host and manage it. Because telnet transmits everything in clear text, its security is poor. Many Linux servers do not run the telnet service and use the more secure ssh instead. However, many other systems may still offer remote login over telnet, so it is still necessary to know how to use the telnet client.

Syntax

telnet (options) (parameters)

Options

-8: Allows the use of 8-bit character data, including input and output;
-a: Try to automatically log in to the remote system;
-b<host alias>: Use an alias to specify the remote host name;
-c: Do not read the .telnetrc file in the user-specific directory;
-d: Start debugging mode;
-e<Escape character>: Set the escape character;
-E: Filter out escape characters;
-f: The effect of this parameter is the same as specifying the "-F" parameter;
-F: When using Kerberos V5 authentication, adding this parameter can upload the authentication data of the local host to the remote host;
-k<domain name>: When using Kerberos authentication, add this parameter to let the remote host use the specified domain name instead of the domain name of the host;
-K: Do not automatically log in to the remote host;
-l<user name>: Specify the user name to log in to the remote host;
-L: Allows output of 8-bit character data;
-n<record file>: Specify a file to record relevant information;
-r: Use a user interface similar to the rlogin command;
-S<service type>: Set the IP TOS information required for the telnet connection;
-x: Assume that the host supports data encryption and use it;
-X<Authentication mode>: Close the specified authentication mode.

Parameters

  • Remote host: Specify the remote host to log in for management;
  • Port: Specify the port number used by the TELNET protocol.

Example

$ telnet 192.168.2.10
Trying 192.168.2.10...
Connected to 192.168.2.10 (192.168.2.10).
Escape character is '^]'.

     localhost (Linux release 2.6.18-274.18.1.el5 #1 SMP Thu Feb 9 12:45:44 EST 2012) (1)

login: root
Password:
Login incorrect

Under normal circumstances, root is not allowed to log in remotely. You can log in with a normal account first, and then use su - to switch to the root user.

$ telnet 192.168.188.132
Trying 192.168.188.132...
telnet: connect to address 192.168.188.132: Connection refused
telnet: Unable to connect to remote host

How to handle this situation:

  1. Confirm that the IP address is correct.
  2. Confirm that the host with that IP address is powered on.
  3. If the host is up, confirm that routing is set correctly (use the route command to view it).
  4. If the host is up, confirm that the telnet service is enabled on it (use the netstat command to check whether there is a line in LISTEN state on TCP port 23).
  5. If the host is running the telnet service, confirm that the firewall allows access to port 23 (view the rules with iptables-save).
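Steps 4 and 5 can be checked from saved command output. The following is an added example, not part of the original page: a shell function that reads the output of `netstat -tln` and `iptables-save` and reports whether TCP port 23 is listening and which INPUT rule names it. The function name `check_telnet_port` and the sample output are constructed for illustration, and the firewall check only looks at the first INPUT rule with a matching `--dport`.

```sh
#!/bin/sh
# Added example for steps 4 and 5 of the checklist above.
# check_telnet_port is a hypothetical helper name.
# $1 = file with `netstat -tln` output, $2 = file with `iptables-save` output,
# $3 = port to check (defaults to 23).
check_telnet_port() {
    port=${3:-23}
    # Step 4: a tcp line in LISTEN state whose local address ends in :PORT
    listen=$(awk -v p="$port" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")
            if (a[n] == p) { print $4; exit }
        }' "$1")
    if [ -z "$listen" ]; then echo "NOT_LISTENING"; return 0; fi
    echo "LISTENING $listen"
    # Step 5: target of the first INPUT rule that names this destination port
    verdict=$(awk -v p="$port" '
        $1 == "-A" && $2 == "INPUT" {
            hit = 0; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport" && $(i+1) == p) hit = 1
                if ($i == "-j") target = $(i+1)
            }
            if (hit) { print target; exit }
        }' "$2")
    echo "FIREWALL ${verdict:-NO_RULE_FOR_PORT}"
}

# Constructed sample output (not captured from a real host).
ns=$(mktemp); fw=$(mktemp)
cat > "$ns" <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
EOF
cat > "$fw" <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
check_telnet_port "$ns" "$fw"
rm -f "$ns" "$fw"
```

With the sample above the service is listening on all addresses but no INPUT rule names port 23, so the chain policy (DROP here) decides, which matches the situation step 5 is meant to catch.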

Start telnet service

service xinetd restart

A typical configuration is as follows (xinetd only treats a line as a comment when # is its first non-blank character, so each note sits on its own line above the attribute it describes):

service telnet
{
     # Enable the service
     disable = no
     # The socket can be reused
     flags = REUSE
     # The connection type is TCP
     socket_type = stream
     # Start a process for each request
     wait = no
     # The service runs as root
     user = root
     # The program to start
     server = /usr/sbin/in.telnetd
     # Record the login user name when a login fails
     log_on_failure += USERID
}

If you want to configure the list of clients allowed to log in, add

# Only allow 192.168.0.2 to log in
only_from = 192.168.0.2

If you want to configure a list of clients that are prohibited from logging in, add

# Prohibit 192.168.0.2, 192.168.0.3 and 192.168.0.4 from logging in
no_access = 192.168.0.{2,3,4}

If you want to restrict the hours during which the service is available, add

# The service is only open during these two periods every day (our working hours)
access_times = 9:00-12:00 13:00-17:00

If the host has two IP addresses, one on a private network such as 192.168.0.2 and one on a public network such as 218.75.74.83, and you want users to be able to log in to the telnet service only from the private network, add

bind=192.168.0.2

For the specific meaning and syntax of each configuration item, refer to the xinetd configuration file attribute description (man xinetd.conf).
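One way to review a stanza like the one above before restarting xinetd, as an added example that is not part of the original page: a shell function that reads an xinetd service file and reports whether telnet is enabled, whether only_from or bind restricts it, and whether it runs as root. The function name `audit_telnet_stanza`, the finding labels and the sample stanza are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the "service telnet" stanza of an xinetd service file.
# audit_telnet_stanza is a hypothetical helper name, not part of xinetd.
audit_telnet_stanza() {
    awk '
        /^[ \t]*#/ { next }                       # whole-line xinetd comment
        $1 == "service" { in_svc = ($2 == "telnet"); next }
        in_svc && $1 == "}" { in_svc = 0; seen = 1; next }
        in_svc && /=/ {
            sub(/[ \t]+#.*$/, "")                 # drop a trailing note, if any
            key = $0; sub(/[ \t]*[+-]?=.*$/, "", key); gsub(/[ \t]/, "", key)
            v = $0;   sub(/^[^=]*=[ \t]*/, "", v)
            val[key] = v
        }
        END {
            if (!seen) { print "NOT_CONFIGURED"; exit }
            if (val["disable"] == "yes") { print "DISABLED"; exit }
            print "ENABLED"                       # clear-text logins are offered
            if (!("only_from" in val)) print "NO_ONLY_FROM"
            if (!("bind" in val))      print "NO_BIND"
            if (val["user"] == "root") print "RUNS_AS_ROOT"
        }
    ' "$1"
}

# Constructed sample: the stanza from this page without access restrictions.
demo_file=$(mktemp)
cat > "$demo_file" <<'EOF'
service telnet
{
     # enable the service
     disable = no
     socket_type = stream
     wait = no
     user = root
     server = /usr/sbin/in.telnetd
}
EOF
audit_telnet_stanza "$demo_file"
rm -f "$demo_file"
```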

Configure the port and modify the services file:

# vi /etc/services

Find the following two lines

telnet 23/tcp
telnet 23/udp

If a line has a # character in front of it, remove the #. The default telnet port is 23. This port is also the main target of hacker port scanning, so it is best to change it. The change is simple: replace the number 23 with a larger number, such as 61123. Note that port numbers below 1024 are reserved, so it is best not to use them. Also make sure the new port does not conflict with the ports of other services. Changing the port does not change how telnet transmits data: the session, including the login, is still sent in clear text.

Start the service:

service xinetd restart