ExampleExample 1: remote server access failure
[root@linuxprobe ~]# telnet 192.168.120.209Trying 192.168.120.209...telnet: connect to address 192.168.120.209: No route to hosttelnet: Unable to connect to remote host: No route to host
To solve this problem:
(1) check whether the IP address is correct
(2) check whether the installation corresponding to the IP address has been started.
(3) If the host has been started, check whether the route settings are correct (use the route command to view details)
(4) If the host has been started, check whether the telnet service is enabled on the host (use the netstat command to check whether the TCP port 23 has a LISTEN status line)
(5) If the telnet service is enabled on the host, check whether port 23 is enabled in the firewall (use iptables-save to check)
Example 2: The domain name cannot be resolved
[root@linuxprobe ~]# telnet www.baidu.comwww.baidu.com/telnet: Temporary failure in name resolution
To solve this problem:
(1) Confirm that the domain name is correct
(2) check whether the settings related to domain name resolution on the local machine are correct (if the nameserver configuration in/etc/resolv. conf is correct, if not, use nameserver 8.8.8.8)
(3) check whether the firewall has opened the access to the UDP53 port (DNS uses UDP protocol, port 53, and iptables-save to view)
Example 3: Access Denied
[root@linuxprobe ~]# telnet 192.168.120.206 Trying 192.168.120.206...telnet: connect to address 192.168.120.206: Connection refusedtelnet: Unable to connect to remote host: Connection refused
To solve this problem:
(1) check whether the IP address or host name is correct
(2) check whether the port is correct and whether the default port is port 23.
To check whether a port of 192.168.120.206 can be accessed, such as port 443, run the following command:
[root@linuxprobe ~]# telnet 192.168.120.206 443Trying 192.168.120.206...telnet: connect to address 192.168.120.206: Connection refused
Note: port 443 of 192.168.120.206 cannot be accessed.
Example 4: telnet root User Login
[root@linuxprobe ~]# telnet 192.168.120.204Trying 192.168.120.204...Connected to 192.168.120.204 (192.168.120.204).Escape character is '^]'. localhost (Linux release 2.6.18-274.18.1.el5 #1 SMP Thu Feb 9 12:45:44 EST 2012) (1)login: rootPassword: Login incorrect
Note: Generally, root users are not allowed to log on remotely. you can log on with a common account and then su-switch to the root user. To allow the root user to log on, use the following methods:
[Root @ linuxprobe ~] # Vi/etc/pam. d/login # auth required pam_securetty.so # Add comments to this line! Or [root @ linuxprobe ~] # Mv/etc/securetty. bak
Example 5: Enable the telnet Service
[Root @ linuxprobe ~] # Cd/etc/xinetd. d/[root @ linuxprobe xinetd. d] # ll total 124-rw-r -- r -- 1 root 1157 chargen-dgram-rw-r -- 1 root 1159 chargen-stream-rw-r -- 1 root 523 cvs-rw-r -- 1 root 1157 daytime-dgram-rw-r -- 1 root 1159 daytime-stream-rw-r -- r -- 1 root 1157 2011-05-31 discard-dgram-rw-r -- 1 root 1159 2011-05-31 discard-stream-rw-r -- 1 root 1148 2011-05-31 echo-dgram -rw-r -- 1 root 1150 2011-05-31 echo-stream-rw-r -- 1 root 323 eklogin-rw-r -- 1 root 347 ekrb5-telnet-rw-r -- r -- 1 root 326 2004-09-09 gssftp-rw-r -- 1 root 310 2004-09-09 klogin-rw-r -- 1 root 323 2004-09-09 krb5-telnet-rw-r -- r -- 1 root 308 kshell-rw-r -- 1 root 317 rsync-rw-r -- 1 root 1212 2011-05-31 tcpmux-server-rw-r -- 1 root 1149 2011-05-31 time-dgram-rw-r -- 1 root 1150 2011-05-31 time-stream [root @ linuxprobe xinetd. d] # cat krb5-telnet # default: off # description: The authenticated telnet server accepts normal telnet sessions, \ # but can also use Kerberos 5 authentication. service telnet {flags = REUSE socket_type = stream wait = no user = root server =/usr/kerberos/sbin/telnetd log_on_failure + = USERID disable = yes}
The configuration parameters are usually as follows:
Service telnet
{
Disable = no # enable
Flags = REUSE # socket reusable
Socket_type = stream # The connection mode is TCP
Wait = no # start a process for each request
User = root # the user who starts the service is root.
Server =/usr/sbin/in. telnetd # process to be activated
Log_on_failure + = USERID # log on username upon logon Failure
}
To configure the list of clients that can be logged on, add
Only_from = 192.168.0.2 # Only 192.168.0.2 Logon Allowed
If you want to configure a list of prohibited clients, add
No_access = 192.168.0. {2, 3, 4} # disable Logon of 192.168.0.2, 192.168.0.3, and 192.168.0.4
If you want to set an open time period, add
Access_times =-PM-# Only services are available for these two periods of time every day (our working hours: P)
If you have two IP addresses, one is a private IP address such as 192.168.0.2 and the other is a public IP address such as 218.75.74.83, if you want the user to log on to the telnet service only from the private network, add
Bind = 192.168.0.2
For the specific meanings and syntax of each configuration item, refer to the xined configuration file attribute description (man xinetd. conf)
Configure the port and modify the services file:
# Vi/etc/services
Find the following two sentences:
Telnet 23/tcp
Telnet 23/udp
If there is a # character in front of it, remove it. Telnet's default port is 23, which is also the main object for hacker port scanning. Therefore, it is best to modify this port. The modification method is very simple, that is, to change the number 23, change to a larger number, such as 61123. Note that the port numbers below 1024 are reserved for the internet, so it is best not to use them. Be sure not to conflict with the ports of other services.
Start service: service xinetd restart
From: http://www.cnblogs.com/peida/archive/2013/03/13/2956992.html
Address: http://www.linuxprobe.com/telnet-command-examples.html