Configure and use Telnet in Linux (RedHat AS5)

Source: Internet
Author: User

This has to be one of the more common support calls that I get. The telnet daemon is no longer usually installed by default, so people are surprised when their newly installed Linux system won't answer telnets.

By the way, I am always careful to explain why telnet isn't there anymore, and that they probably should be thinking about ssh. But sometimes there are perfectly reasonable reasons: it's only going to be used for a few internal users, there's no path from the outside world, or their firewall is going to tightly control access. I'd still rather see them use ssh, but if they understand its weaknesses and still want to go ahead, so be it.

The first task is to install telnetd. That's the telnet daemon that will respond to connection requests from telnet clients. The "telnet" client is installed by default; the telnetd daemon is not.

If you have a system that is connected to the Internet and that has a package manager like up2date, yum or apt-get, you can use that to load this. For example, on a RedHat system, you might do "up2date telnetd" and that would go fetch the appropriate rpm, download it and install it. You still need to get it running (see below) but it's now installed.

If you don't have that ability, you need to find the software on your CD's. I'll lead you through an example from a RedHat 9 install.

We have to start by putting one of the CD's into the machine. I happen to know that what we want is on CD 3 for RedHat 9, but we're going to pretend that I have forgotten that, so I'll first insert CD 2.

Your system may mount the CD automatically. Give it a second, and type "mount". If you see /dev/cdrom in one of the output lines, you can proceed to the next step. If not, you need to mount it manually. For RedHat 9, "mount -r /dev/cdrom /mnt" will work.

Now you need to find the RPM that has telnetd. This command will search the appropriate place:

ls /mnt/RedHat/RPMS | grep telnet

If you don't have RedHat 9, you are going to have to search around for the proper directory yourself. You can "cd /mnt" and do "ls" and continue until you find what you want. Remember, you are only looking for RPM's if you are using an RPM based system. You need to know what your OS uses.

If you can't find anything that looks like telnet (and you won't on CD 2 of RedHat 9), you have to move on to the next CD. If you have cd'd into the mounted directory, you have to cd off that before you can unmount and eject the CD. If not, you'll get "device is busy" and won't be able to remove the CD. In our sample case, we'll do:

cd /
umount /dev/cdrom

I could have also done:

cd /
eject cdrom

Now mount the next CD and repeat your search. On RedHat 9, the grep will turn up something like "telnet-server-0.17-20.i386.rpm". I don't remember the exact numbers from the CD; the important thing is that it's "telnet-server". However, on other systems, it may not be so obvious. For example, from a RedHat ES system:

# rpm -q --whatprovides `which telnetd`
krb5-workstation-1.2.7-44

http://www.rpmfind.net/ can sometimes help you find what you need. Once found, it needs to be installed. For RedHat 9:

rpm -iv /mnt/RedHat/RPMS/telnet-server*

Now telnetd is installed (and "which telnetd" will show you where if you are using bash). It's not running yet, though. For RedHat 9, do:

chkconfig telnetd on

Confirm that telnet now works by "telnet localhost" or "telnet 127.0.0.1".

However, if you installed the RedHat firewall, telnet won't be accepting outside connections, not even from your LAN. For RedHat, you can correct that by running "setup", choosing "firewall configuration", selecting "customize", and then "allow incoming telnet".

Other systems have other methods for enabling Telnet. Most likely, they use xinetd. For example, it might look like one of these examples from two different systems:

root# cat /etc/xinetd.d/telnet
service telnet
{
        disable         = yes
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/libexec/telnetd
        groups          = yes
        flags           = REUSE
}

# cat /etc/xinetd.d/krb5-telnet
# default: off
# description: The authenticated telnet server accepts normal telnet sessions, \
#              but can also use Kerberos 5 authentication.
service telnet
{
        disable         = no
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/kerberos/sbin/telnetd
        server_args     = -n
        log_on_failure  += USERID
}

That's it. The details will vary, but the basic outline is find it, install it, and get it running. You really do need to think about security, not just because it's telnet, but telnet does raise more flags than other protocols and may even invite more break-in attempts if it's on the Internet: the fact that something responds on port 23 may be seen as weakness and cause more attention than otherwise. There are numerous articles here about general security and ssh; I really suggest you at least brush through them.

I. Install the Telnet packages (usually two)
1. telnet-client (or telnet). This package provides the telnet client program.
2. telnet-server. This package provides the telnet server program.

Before installing, check whether these packages are already present:
[root@root]# rpm -qa telnet
or
[root@root]# rpm -qa telnet-client
[root@root]# rpm -qa telnet-server

If a package is not found, install it. Red Hat installs the telnet client package by default, so generally you only need to install the telnet-server package.
1. Get the telnet-server-0.17-25.i386.rpm package from the installation disk of Red Hat Linux 9.
2. Install the software package:
[root@root]# rpm -ivh /mnt/dvdrom/Server/telnet-server-0.17-38.el5.i386.rpm

Possible problems:
xinetd is not installed.
Look for the package on the installation disk:
[root@localhost ~]# find /mnt/dvdrom/Server/xinetd*
/mnt/dvdrom/Server/xinetd-2.3.14-10.el5.i386.rpm

II. Start the Telnet service
1. Enable the service
Method 1: run ntsysv, mark telnet with a * in the displayed window, and then press OK.
Method 2: edit /etc/xinetd.d/telnet
[root@root]# vi /etc/xinetd.d/telnet
Find disable = yes and change yes to no.

2. Activate the service
[root@root]# service xinetd restart

III. Test the service
[root@wljs root]# telnet IP (or hostname)
If the configuration is correct, the system prompts you to enter the user name and password of the remote machine.
login:
Password:
Note: by default, only ordinary (non-root) users are allowed to log in.

IV. Set the telnet port
# vi /etc/services
Search for telnet (type /telnet in vi command mode).
The following entries are found:
telnet 23/tcp
telnet 23/udp
Change 23 to an unused port number (for example, 2000), exit vi, and restart the telnet service. The default telnet port number is now changed.

V. Telnet service restrictions
Telnet transmits passwords and data in plaintext. If you are not satisfied with the default settings, you need to restrict the scope of the service. Suppose your host's IP address is 210.45.160.17; you can set it as follows:

# vi /etc/xinetd.d/telnet
service telnet
{
        # no activates the telnet service
        disable      = no
        # Your IP
        bind         = 210.45.160.17
        # Only 210.45.0.0 - 210.45.255.255 is allowed
        only_from    = 210.45.0.0/16
        # Only CERNET can access!
        only_from    = .edu.cn
        # These two IP addresses cannot log on
        no_access    = 210.45.160.{115,116}
        # The service is only available for these two periods of time every day
        access_times = --
        ......
}
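
One way to check a service file against the restrictions above, as an added example that is not part of the original article. The function name audit_xinetd_service and both sample stanzas are constructed for illustration; the check treats a missing disable attribute as enabled and tolerates trailing "#" annotations.

```shell
#!/bin/sh
# Added example: audit one xinetd service file for the restrictions above.
# Usage: audit_xinetd_service FILE   (prints one finding per line)
audit_xinetd_service() {
    awk '
        /^[ \t]*#/ { next }                    # skip comment lines
        { sub(/[ \t]+#.*$/, "") }              # drop trailing annotations
        /^[ \t]*[A-Za-z_]+[ \t]*[-+]?=/ {      # attribute = value
            split($0, kv, /[-+]?=/)
            key = tolower(kv[1]); gsub(/[ \t]/, "", key)
            val = tolower(kv[2]); gsub(/^[ \t]+|[ \t]+$/, "", val)
            seen[key] = 1
            if (key == "disable") disable = val
            if (key == "only_from" && val ~ /^0\.0\.0\.0(\/0)?$/) wide = 1
        }
        END {
            if (disable == "yes") { print "OK: service is disabled"; exit }
            n = 0
            if (!seen["only_from"]) { print "WARN: no only_from, any source may connect"; n++ }
            else if (wide)          { print "WARN: only_from matches every address"; n++ }
            if (!seen["bind"])      { print "WARN: no bind, listens on every interface"; n++ }
            if (n == 0) print "OK: enabled, limited by only_from and bind"
        }
    ' "$1"
}

# Constructed sample input: an unrestricted stanza and the restricted one
# built from the addresses used in the text.
tmp=$(mktemp -d)
cat > "$tmp/open" <<'EOF'
service telnet
{
    disable     = no
    socket_type = stream
    server      = /usr/libexec/telnetd
}
EOF
cat > "$tmp/restricted" <<'EOF'
service telnet
{
    disable   = no
    bind      = 210.45.160.17
    only_from = 210.45.0.0/16
    no_access = 210.45.160.{115,116}
}
EOF
audit_xinetd_service "$tmp/open"         # two WARN lines
audit_xinetd_service "$tmp/restricted"   # one OK line
rm -rf "$tmp"
```
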

VI. Root login over telnet
Telnet is not safe. By default, the root user is not allowed to use telnet to access the Linux host. To allow the root user to log on, use one of the following methods:
[root@root]# vi /etc/pam.d/login
# auth required pam_securetty.so    # comment out this line
Or
[root@wljs root]# mv /etc/securetty /etc/securetty.bak
In this way, the root user can log in to the Linux host directly. However, we recommend that you do not do this. Instead, log in as an ordinary user and then switch to the root user to obtain root privileges.
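
To confirm that a host still has the default protection in place, the following added example (not part of the original article) reports whether either of the two changes above has been made. The function name root_login_guard and the sample files are constructed for illustration; pass the real /etc/pam.d/login and /etc/securetty paths on a live system.

```shell
#!/bin/sh
# Added example: report whether the root-login guard described above is intact.
# Usage: root_login_guard PAM_FILE SECURETTY_FILE
# Returns 0 when intact, 1 when either change from the text has been made.
root_login_guard() {
    pam_file=$1; securetty=$2; rc=0
    # Active entry: "auth <control> pam_securetty.so" with no leading '#'.
    if ! grep -Eq '^[[:space:]]*auth[[:space:]]+.*pam_securetty\.so' "$pam_file"; then
        echo "FAIL: pam_securetty.so is absent or commented out in $pam_file"
        rc=1
    fi
    # Without the tty list, the module has nothing to restrict root to.
    if [ ! -e "$securetty" ]; then
        echo "FAIL: $securetty does not exist (renamed or removed)"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: root logins are limited to the ttys listed in $securetty"
    fi
    return "$rc"
}

# Constructed sample files: one intact configuration and one with both
# changes from the text applied.
tmp=$(mktemp -d)
printf 'auth required pam_securetty.so\nauth include system-auth\n' > "$tmp/login.ok"
printf '#auth required pam_securetty.so\nauth include system-auth\n' > "$tmp/login.weak"
printf 'tty1\ntty2\n' > "$tmp/securetty"
root_login_guard "$tmp/login.ok" "$tmp/securetty"
root_login_guard "$tmp/login.weak" "$tmp/securetty.missing" || true
rm -rf "$tmp"
```
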
