Linux Command: telnet command, linux Command telnet

Source: Internet
Author: User
Tags nameserver telnet program to domain

Linux Command: telnet command, linux Command telnet

Telnet commands are usually used for remote logon. The telnet program is a remote client logon program based on the TELNET protocol. The Telnet protocol is a member of the TCP/IP protocol family and is the standard protocol and main method of the Internet remote login service. It provides users with the ability to complete remote host work on local computers. Use the telnet program on the terminal user's computer to connect to the server. End users can enter commands in the telnet program. These commands will run on the server, just as they are directly entered on the server console. You can control the server locally. To start a telnet session, you must enter the user name and password to log on to the server. Telnet is a common method to remotely control Web servers.

However, Because telnet uses plain text to send packets, the security is poor. Many Linux servers do not enable the telnet service, but use a safer ssh mode. However, many other systems may use telnet to provide remote logon. Therefore, it is necessary to find out how to use the telnet client.

Telnet commands can also be used for other purposes, such as determining the status of remote services, such as determining whether a port of the remote server can be accessed.

1.Command Format:

Telnet [parameter] [host]

2.Command function:

Execute the telnet command to start the terminal job and log on to the remote host.

3.Command parameters:

-8: 8 characters are allowed, including input and output.

-A tries to automatically log on to the remote system.

-B

-C does not read the. telnetrc file in the user's exclusive directory.

-D start the troubleshooting mode.

-E <Escape Character> sets the escape character.

-E: filter out the escape characters.

-F: the effect of this parameter is the same as that of the specified "-F" parameter.

-F when Kerberos V5 is used for authentication, you can add this parameter to upload the authentication data of the local host to the remote host.

-K <Domain Name> adds this parameter when Kerberos authentication is used, so that the remote host uses the specified domain name instead of the domain name of the host.

-K does not automatically log on to the remote host.

-L <User Name> specifies the name of the user to log on to the remote host.

-L 8 characters can be output.

-N <Record File> specifies the file record information.

-R uses a user interface similar to the rlogin command.

-S <service type> sets the IP address TOS required for the telnet connection.

-X: if the host supports data encryption, use it.

-X <authentication form> disables the specified authentication form.

4.Instance used:

Instance1:Remote Server access failure

Command:

Telnet 192.168.120.206

Output:

[root@localhost ~]# telnet 192.168.120.209Trying 192.168.120.209...telnet: connect to address 192.168.120.209: No route to hosttelnet: Unable to connect to remote host: No route to host[root@localhost ~]# 

Note:

To solve this problem:

(1) Are you sure the IP address is correct?

(2) Are you sure the host corresponding to the IP address is on?

(3) If the host has been started, are you sure the route settings are correct? (Use the route command to view details)

(4) If the host has been started, are you sure you have enabled the telnet service on the host? (Run the netstat command to check whether the TCP port 23 has the LISTEN status line)

(5) If the telnet service has been enabled on the host, are you sure the firewall has opened port 23? (Use iptables-save to view details)

Instance2:Domain name cannot be resolved

Command:

Telnet www.baidu.com

Output:

[root@localhost ~]# telnet www.baidu.comwww.baidu.com/telnet: Temporary failure in name resolution[root@localhost ~]# 

Note:

To solve this problem:

(1) Confirm that the domain name is correct

(2) check whether the settings related to domain name resolution on the local machine are correct (whether nameserver settings in/etc/resolv. conf are correct, if not, use nameserver 8.8.8.8)

(3) check whether the firewall has opened the access to the UDP53 port (DNS uses UDP protocol, port 53, and iptables-save to view)

Instance3:

Command:

Output:

[root@localhost ~]# telnet 192.168.120.206Trying 192.168.120.206...telnet: connect to address 192.168.120.206: Connection refusedtelnet: Unable to connect to remote host: Connection refused[root@localhost ~]#

Note:

Handle this situation:

(1) Are you sure the IP address or host name is correct?

(2) check whether the port is correct and whether the default port is port 23.

Instance4:Start the telnet Service

Command:

Service xinetd restart

Output:

[Root @ localhost ~] # Cd/etc/xinetd. d/[root @ localhost xinetd. d] # ll total 124-rw-r -- r -- 1 root 1157 chargen-dgram-rw-r -- 1 root 1159 chargen-stream-rw-r -- 1 root 523 cvs-rw-r -- 1 root 1157 daytime-dgram-rw-r -- 1 root 1159 daytime-stream-rw-r -- r -- 1 root 1157 2011-05-31 discard-dgram-rw-r -- 1 root 1159 2011-05-31 discard-stream-rw-r -- 1 root 1148 2011-05-31 echo-dgram -rw-r -- 1 root 1150 2011-05-31 echo-stream-rw-r -- 1 root 323 eklogin-rw-r -- 1 root 347 ekrb5-telnet-rw-r -- r -- 1 root 326 2004-09-09 gssftp-rw-r -- 1 root 310 2004-09-09 klogin-rw-r -- 1 root 323 2004-09-09 krb5-telnet-rw-r -- r -- 1 root 308 kshell-rw-r -- 1 root 317 rsync-rw-r -- 1 root 1212 2011-05-31 tcpmux-server-rw-r -- 1 root 1149 2011-05-31 time-dgram-rw-r -- 1 root 1150 2011-05-31 time-stream [root @ localhost xinetd. d] # cat krb5-telnet # default: off # description: The authenticated telnet server accepts normal telnet sessions, \ # but can also use Kerberos 5 authentication. service telnet {flags = REUSE socket_type = stream wait = no user = root server =/usr/kerberos/sbin/telnetd log_on_failure + = USERID disable = yes} [root @ localhost xinetd. d] #

Note:

Configuration parameters,The general configuration is as follows:

Service telnet

{

Disable = no # enable

Flags = REUSE # socket reusable

Socket_type = stream # The connection mode is TCP

Wait = no # start a process for each request

User = root # the user who starts the service is root.

Server =/usr/sbin/in. telnetd # process to be activated

Log_on_failure + = USERID # log on username upon logon Failure

}

To configure the list of clients that can be logged on, add

Only_from = 192.168.0.2 # Only 192.168.0.2 Logon Allowed

If you want to configure a list of prohibited clients, add

No_access = 192.168.0. {2, 3, 4} # disable Logon of 192.168.0.2, 192.168.0.3, and 192.168.0.4

If you want to set an open time period, add

Access_times =-PM-# Only services are available for these two periods of time every day (our working hours: P)

If you have two IP addresses, one is a private IP address such as 192.168.0.2 and the other is a public IP address such as 218.75.74.83, if you want the user to log on to the telnet service only from the private network, add

Bind = 192.168.0.2

For the specific meanings and syntax of each configuration item, refer to the xined configuration file attribute description (man xinetd. conf)

Configure the port and modify the services file:

# Vi/etc/services

Find the following two sentences:

Telnet 23/tcp

Telnet 23/udp

If there is a # character in front of it, remove it. Telnet's default port is 23, which is also the main object for hacker port scanning. Therefore, it is best to modify this port. The modification method is very simple, that is, to change the number 23, change to a larger number, such as 61123. Note that the port numbers below 1024 are reserved for the internet, so it is best not to use them. Be sure not to conflict with the ports of other services.

Start the service:

Service xinetd restart

Instance5:Normal telnet

Command:

Telnet 192.168.120.204

Output:

[root@andy ~]# telnet 192.168.120.204Trying 192.168.120.204...Connected to 192.168.120.204 (192.168.120.204).Escape character is '^]'.    localhost (Linux release 2.6.18-274.18.1.el5 #1 SMP Thu Feb 9 12:45:44 EST 2012) (1)login: rootPassword: Login incorrect

Note:

Generally, root users are not allowed to log on remotely. you can log on with a common account and then use su-to switch to the root user.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.