Telnet in Linux


Telnet is a program that allows users to log into your server and get a command prompt just as if they were logged into the VGA console. One of the disadvantages of Telnet is that the data is sent as clear text. This means that it is possible for someone to use a network analyzer to peek into your data packets and see your username and password. A more secure method for remote logins would be via Secure Shell (SSH), which uses varying degrees of encryption.

Using The Telnet Client

The command to do remote logins via telnet from the command line is simple. You enter the word telnet and then the IP address or server name to which you want to connect.

Here is an example of someone logging into a remote server named hunt from server alex. The user looks at the routing table and then logs out.

[root@alex]# telnet 192.168.1.105
Trying 192.168.1.105...
Connected to 192.168.1.105.
Escape character is '^]'.

Linux 2.4.18-14 (hunt.my-site.com) (10:35 on Sunday, 05 January 2011)

Login: alex
Password:
Last login: Fri Nov 22 23:29:44 on ttyS0
You have new mail.
[alex@hunt]$
[alex@hunt]$ hostname
hunt
[alex@hunt]$ exit
logout

Installing The Telnet Server Software

Older versions of RedHat had the Telnet server installed by default. Most Linux software products are available in a precompiled package format. When searching for the file, remember that the Telnet server RPM’s filename usually starts with the word “telnet-server” followed by a version number, as in telnet-server-0.17-28.i386.rpm.

Setting Up A Telnet Server

Setting up the telnet server is easy to do, but the procedure differs between Linux distributions.

To set up a Telnet server use the chkconfig command to activate Telnet.

[root@alex]# chkconfig telnet on

You can also use the chkconfig --list command to verify that telnet will be started on the next reboot.

[root@alex]# chkconfig --list | grep telnet
telnet: on

Note: You can test whether the Telnet process is running with the following command, which checks the TCP/UDP ports on which your server is listening. If it isn’t running, there will be no response.

[root@alex]# netstat -a | grep telnet
tcp        0        0        *:telnet        *:*        LISTEN

Basic Telnet Security

There are a number of things you can do to improve the security of telnet. For example, you should also try to ensure that telnet sessions run over secure internal networks or across VPNs to reduce the risk of exposing sensitive data to unauthorized eyes. Check out some other options.

Let Telnet Listen On Another TCP Port

Letting telnet run on an alternate TCP port doesn’t encrypt the traffic, but it makes it less likely to be detected as telnet traffic. Remember that this isn’t a foolproof strategy; good port scanning programs can detect telnet and other applications running on alternative ports.

1) Edit your /etc/services file and add an entry for a new service. Call it stelnet.

# Local services
stelnet         7777/tcp                        # "secure" telnet

2) Copy the telnet configuration file called /etc/xinetd.d/telnet and call it /etc/xinetd.d/stelnet:

[root@alex]# cp /etc/xinetd.d/telnet /etc/xinetd.d/stelnet

3) Edit the new /etc/xinetd.d/stelnet file. Make the new service stelnet and add a port statement for TCP port 7777.

# default: on
# description: The telnet server serves telnet sessions
# unencrypted username/password pairs for authentication.
service stelnet
{
       flags           = REUSE
       socket_type     = stream
       wait            = no
       user            = root
       server          = /usr/sbin/in.telnetd
       log_on_failure  += USERID
       disable         = no
       port            = 7777
}

4) Use chkconfig to activate stelnet.

# chkconfig stelnet on

5) Check to make sure your server is now listening on port 7777 with the netstat command.

[root@alex]# netstat -an | grep 7777

tcp   0  0 0.0.0.0:7777       0.0.0.0:*          LISTEN

You should now be able to log in to the new stelnet server on port 7777. This is done using the telnet command with the TCP port as the second argument.

[root@alex]# telnet 192.168.1.100 7777
Trying 192.168.1.100...
Connected to 192.168.1.100.
Escape character is '^]'.

Fedora Core release 2 (Tettnang)
Kernel 2.6.8-1.521 on an i686
login:
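The point about port scanners, as an added example that is not part of the original post: a Telnet server opens the connection with option negotiation, so its first bytes identify it on port 7777 just as they would on port 23. The sample byte strings and the function names are constructed for illustration.

```python
IAC = 0xFF  # "Interpret As Command" byte that starts every Telnet command (RFC 854)
VERBS = {0xFB: "WILL", 0xFC: "WONT", 0xFD: "DO", 0xFE: "DONT"}
OPTIONS = {1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 24: "TERMINAL-TYPE",
           32: "TERMINAL-SPEED", 35: "X-DISPLAY-LOCATION", 39: "NEW-ENVIRON"}

# Constructed samples: opening bytes as a Telnet daemon moved to port 7777 might
# send them, and the first line an SSH daemon sends instead.
SAMPLE_STELNET = bytes.fromhex("fffd18 fffd20 fffd23 fffd27")
SAMPLE_SSH = b"SSH-2.0-OpenSSH_8.9\r\n"


def telnet_negotiation(data):
    """Return the (verb, option) pairs found in a service's opening bytes."""
    found, i = [], 0
    while i < len(data):
        if data[i] != IAC:
            i += 1                      # ordinary data byte
            continue
        if i + 1 >= len(data):
            break                       # truncated command at end of buffer
        cmd = data[i + 1]
        if cmd in VERBS:
            if i + 2 >= len(data):
                break                   # verb without its option byte
            opt = data[i + 2]
            found.append((VERBS[cmd], OPTIONS.get(opt, "option-%d" % opt)))
            i += 3
        else:
            i += 2                      # escaped 0xFF or another two-byte command
    return found


def looks_like_telnet(data):
    """Heuristic: the stream starts with IAC and carries option negotiation."""
    return data[:1] == bytes([IAC]) and bool(telnet_negotiation(data))


if __name__ == "__main__":
    for label, sample in (("port 7777", SAMPLE_STELNET), ("port 22", SAMPLE_SSH)):
        print(label, looks_like_telnet(sample), telnet_negotiation(sample))
```
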

Let Telnet Allow Connections From Trusted Addresses

You can restrict telnet login access to individual remote servers by using the only_from keyword in the telnet configuration file. Here’s how.

1) Add a list of trusted servers to the /etc/xinetd.d/telnet file separated by spaces:

# default: on
# description: The telnet server serves telnet sessions
# unencrypted username/password pairs for authentication.
service telnet
{
       flags           = REUSE
       socket_type     = stream
       wait            = no
       user            = root
       server          = /usr/sbin/in.telnetd
       log_on_failure  += USERID
       disable         = no
       only_from       = 192.168.1.100 127.0.0.1 192.168.1.200
}

2) Restart telnet.

[root@alex]# chkconfig telnet off

[root@alex]# chkconfig telnet on

3) Test the telnet session. Servers that are not on the trusted list get the message Connection closed by foreign host.

[root@hunt ]# telnet 192.168.1.100
Trying 192.168.1.100...
Connected to 192.168.1.100.
Escape character is '^]'.
Connection closed by foreign host.
[root@hunt ]#
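A way to check the result of both procedures above, as an added example that is not part of the original post: the script parses xinetd service blocks and lists every enabled service that runs in.telnetd, whatever its name or port, together with its only_from list. The sample text is constructed from the two configuration files shown on this page (abridged), and the function names are hypothetical.

```python
import os
import re

ATTR = re.compile(r"^(\w+)\s*(\+=|-=|=)\s*(.*)$")
# Constructed sample: the stelnet and telnet service files from this page, abridged.
SAMPLE = """
service stelnet
{
    server          = /usr/sbin/in.telnetd
    log_on_failure  += USERID
    disable         = no
    port            = 7777
}
service telnet
{
    server          = /usr/sbin/in.telnetd
    only_from       = 192.168.1.100 127.0.0.1 192.168.1.200
}
"""


def parse_xinetd(text):
    """Return {service_name: {attribute: [values]}} for each service block."""
    services, name, attrs = {}, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line.startswith("service "):
            name, attrs = line.split()[1], {}
        elif line == "}" and name:
            services[name] = attrs
            name, attrs = None, None
        elif attrs is not None and (m := ATTR.match(line)):
            key, op, values = m.group(1), m.group(2), m.group(3).split()
            if op == "=":
                attrs[key] = values
            elif op == "+=":
                attrs.setdefault(key, []).extend(values)
            else:                                # "-=" removes listed values
                attrs[key] = [v for v in attrs.get(key, []) if v not in values]
    return services


def audit_telnet(text):
    """List enabled in.telnetd services as (name, port, only_from) tuples."""
    found = []
    for name, a in parse_xinetd(text).items():
        server = (a.get("server") or [""])[0]
        enabled = (a.get("disable") or ["no"])[0] != "yes"
        if os.path.basename(server) == "in.telnetd" and enabled:
            # port is None when the file leaves it to /etc/services
            found.append((name, (a.get("port") or [None])[0], a.get("only_from", [])))
    return found
```

An empty only_from list in the output marks a Telnet listener that accepts connections from any address; here that is stelnet on port 7777.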

About Alex Hunt

Hi All I am Manish Kumar Jha aka Alex Hunt. I am currently working in VMware Software India Pvt Ltd as Operations System Engineer (vCloud Air Operations). I have around 5 Years of IT experience and have exposure on VMware vSphere, vCloud Director, RHEL and modern data center technologies like Cisco UCS and Cisco Nexus 1000v and NSX. If you find any post informational to you please press like and share it across social media and leave your comments if you want to discuss further on any post. Disclaimer: All the information on this website is published in good faith and for general information purpose only. I don’t make any warranties about the completeness, reliability and accuracy of this information. Any action you take upon the information you find on this blog is strictly at your own risk. The Views and opinions published on this blog are my own and not the opinions of my employer or any of the vendors of the product discussed.

2 Responses to Telnet in Linux

  1. I simply couldn’t go away your web site before suggesting that I really loved the standard information an individual supply on your
    guests? Is gonna be again ceaselessly in order to check up on new posts


  2. You ought to be a part of a contest for one of
    the greatest blogs on the internet. I most certainly will highly recommend this website!
