The telnet command is usually used to log on to a remote host. The telnet program is a client for the Telnet protocol. Telnet is a member of the TCP/IP protocol family and is the standard protocol and main method for Internet remote login services. It lets users work on a remote host from their local computer. The end user runs the telnet program locally to connect to the server, and commands entered in the telnet program run on the server as if they had been typed directly on the server's console, so the server can be controlled from the local machine. To start a Telnet session, you must enter a user name and password to log on to the server. Telnet is a common way to remotely control a Web server.
However, Telnet is not secure because it transmits messages in plaintext. Many Linux servers do not enable the Telnet service and use the more secure SSH instead. There are still many other systems that may use Telnet to provide remote logins, so it is still necessary to know how to use the telnet client.
The telnet command can also be used for other purposes, such as checking the status of a remote service, for example whether a port on a remote server can be reached.
1. Command format:
telnet [parameters] [host]
2. Command function:
Run the telnet command to open a terminal session and log in to the remote host.
3. Command parameters:
-8 Allow 8-bit character data, for both input and output.
-a Attempt to log in to the remote system automatically.
-b <host alias> Use an alias to specify the remote host name.
-c Do not read the .telnetrc file in the user's home directory.
-d Start debug mode.
-e <escape character> Set the escape character.
-E Filter out the escape character.
-f Has the same effect as specifying the "-F" parameter.
-F With Kerberos V5 authentication, forward the local host's authentication data to the remote host.
-k <realm name> With Kerberos authentication, make the remote host use the specified realm name rather than the host's own domain name.
-K Do not log in to the remote host automatically.
-l <user name> Specify the user name to log in with on the remote host.
-L Allow output of 8-bit character data.
-n <log file> Record trace information in the specified file.
-r Use a user interface similar to the rlogin command.
-S <service type> Set the IP TOS information for the Telnet connection.
-x Assume the host supports data encryption and use it.
-X <authentication type> Disable the specified authentication type.
4. Usage examples:
Example 1: Remote server cannot be reached
Command:
telnet 192.168.120.206
Output:
[[email protected] ~]# telnet 192.168.120.209
Trying 192.168.120.209...
telnet: connect to address 192.168.120.209: No route to host
telnet: Unable to connect to remote host: No route to host
[[email protected] ~]#
Description
To handle this scenario:
(1) Verify that the IP address is correct.
(2) Verify that the host at that IP address is powered on.
(3) If the host is up, confirm that routing is configured correctly (check with the route command).
(4) If the host is up, verify that the Telnet service is running on it (use the netstat command to see whether TCP port 23 shows a LISTEN line).
(5) If the Telnet service is running, confirm that the firewall allows access to port 23 (check with iptables-save).
Example 2: Domain name cannot be resolved
Command:
telnet www.baidu.com
Output:
[[email protected] ~]# telnet www.baidu.com
www.baidu.com/telnet: Temporary failure in name resolution
[[email protected] ~]#
Description
To handle this scenario:
(1) Confirm that the domain name is correct.
(2) Confirm that local name resolution is configured correctly (the nameserver entry in /etc/resolv.conf is set correctly; if not, you can use nameserver 8.8.8.8).
(3) Confirm that the firewall allows access to UDP port 53 (DNS uses the UDP protocol on port 53; check with iptables-save).
Example 3: Connection refused
Command:
telnet 192.168.120.206
Output:
[[email protected] ~]# telnet 192.168.120.206
Trying 192.168.120.206...
telnet: connect to address 192.168.120.206: Connection refused
telnet: Unable to connect to remote host: Connection refused
[[email protected] ~]#
Description
To handle this scenario:
(1) Verify that the IP address or hostname is correct.
(2) Verify that the port is correct; the default port is 23.
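The three failures in Examples 1 to 3 can be told apart programmatically from the exception a TCP connect raises. The following is an added example, not part of the original article; the names classify, probe and ADVICE are hypothetical, and the "timeout" class goes beyond the three cases shown above.

```python
import errno
import socket

# Advice per failure class; wording follows the checklists in Examples 1-3.
# The "timeout" entry is an addition not covered by the article's examples.
ADVICE = {
    "open": "port is reachable; a service is listening",
    "name_resolution": "check the domain name, /etc/resolv.conf and UDP port 53",
    "no_route": "check the IP address, host power, routing and the firewall",
    "refused": "check the IP address or hostname and the port number",
    "timeout": "no answer at all; packets may be dropped by a firewall",
}

def classify(exc):
    """Map the exception from a connect attempt (or None) to a failure class."""
    if exc is None:
        return "open"
    if isinstance(exc, socket.gaierror):          # Example 2
        return "name_resolution"
    if isinstance(exc, ConnectionRefusedError):   # Example 3
        return "refused"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH,
                                                  errno.ENETUNREACH):
        return "no_route"                         # Example 1
    return "other"

def probe(host, port=23, timeout=3.0):
    """Attempt one TCP connection and return (failure_class, advice)."""
    exc = None
    try:
        with socket.create_connection((host, port), timeout=timeout):
            pass
    except OSError as e:  # gaierror, timeout and refused are OSError subclasses
        exc = e
    kind = classify(exc)
    return kind, ADVICE.get(kind, str(exc))

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 23
    print(host, port, *probe(host, port))
```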
Example 4: Start the Telnet service
Command:
service xinetd restart
Output:
[[email protected] ~]# cd /etc/xinetd.d/
[[email protected] xinetd.d]# ll
total 124
-rw-r--r-- 1 root root 1157 2011-05-31 chargen-dgram
-rw-r--r-- 1 root root 1159 2011-05-31 chargen-stream
-rw-r--r-- 1 root root 523 2009-09-04 cvs
-rw-r--r-- 1 root root 1157 2011-05-31 daytime-dgram
-rw-r--r-- 1 root root 1159 2011-05-31 daytime-stream
-rw-r--r-- 1 root root 1157 2011-05-31 discard-dgram
-rw-r--r-- 1 root root 1159 2011-05-31 discard-stream
-rw-r--r-- 1 root root 1148 2011-05-31 echo-dgram
-rw-r--r-- 1 root root 1150 2011-05-31 echo-stream
-rw-r--r-- 1 root root 323 2004-09-09 eklogin
-rw-r--r-- 1 root root 347 2005-09-06 ekrb5-telnet
-rw-r--r-- 1 root root 326 2004-09-09 gssftp
-rw-r--r-- 1 root root 310 2004-09-09 klogin
-rw-r--r-- 1 root root 323 2004-09-09 krb5-telnet
-rw-r--r-- 1 root root 308 2004-09-09 kshell
-rw-r--r-- 1 root root 317 2004-09-09 rsync
-rw-r--r-- 1 root root 1212 2011-05-31 tcpmux-server
-rw-r--r-- 1 root root 1149 2011-05-31 time-dgram
-rw-r--r-- 1 root root 1150 2011-05-31 time-stream
[[email protected] xinetd.d]# cat krb5-telnet
# default: off
# description: The kerberized telnet server accepts normal telnet sessions, \
# but can also use Kerberos 5 authentication.
service telnet
{
    flags = REUSE
    socket_type = stream
    wait = no
    user = root
    server = /usr/kerberos/sbin/telnetd
    log_on_failure += USERID
    disable = yes
}
[[email protected] xinetd.d]#
Description
A typical configuration looks like this:
service telnet
{
    # enable the service
    disable = no
    # the socket can be reused
    flags = REUSE
    # the connection type is TCP
    socket_type = stream
    # start a separate process for each request
    wait = no
    # the service runs as root
    user = root
    # the program to launch
    server = /usr/sbin/in.telnetd
    # record the login user name when a login fails
    log_on_failure += USERID
}
To restrict which clients are allowed to log in, add:
# only allow logins from 192.168.0.2
only_from = 192.168.0.2
To block specific clients, add:
# deny logins from 192.168.0.2, 192.168.0.3 and 192.168.0.4
no_access = 192.168.0.{2,3,4}
To limit the hours during which the service is available, add:
# the service is open only during these two periods each day (our office hours :P)
access_times = 9:00-12:00 13:00-17:00
If the server has two IP addresses, one on the private network, such as 192.168.0.2, and one on the public network, such as 218.75.74.83, and you want users to reach the Telnet service only from the private network, add:
bind = 192.168.0.2
The meaning and syntax of each configuration item are described in the xinetd configuration file attribute reference (man xinetd.conf).
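To check which of the restrictions described above are actually present in a telnet service file, the attributes can be parsed and compared. This is an added example, not part of the original article or of xinetd; the function names and the sample file are constructed for illustration.

```python
import re

# Constructed sample in the style of the /etc/xinetd.d/ files shown above.
SAMPLE = """\
# default: off
service telnet
{
        disable         = no
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
}
"""

def parse_services(text):
    """Return {service_name: {attribute: value}} from xinetd service blocks."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"service\s+(\S+)$", line)
        if m:
            current = services.setdefault(m.group(1), {})
        elif line == "}":
            current = None
        elif current is not None and "=" in line:
            key, value = re.split(r"\s*[+-]?=\s*", line, maxsplit=1)
            current[key] = value
    return services

def audit_telnet(text):
    """List exposure findings for an enabled telnet service (empty if disabled)."""
    attrs = parse_services(text).get("telnet")
    if attrs is None or attrs.get("disable", "no") == "yes":
        return []
    findings = ["telnet is enabled: logins cross the network in plaintext"]
    for attr, why in (("only_from", "any client address may connect"),
                      ("bind", "listens on every interface"),
                      ("access_times", "reachable at all hours")):
        if attr not in attrs:
            findings.append(f"{attr} not set: {why}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_telnet(SAMPLE)))
```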
To configure the port, edit the services file:
# vi /etc/services
Find the following two lines:
telnet 23/tcp
telnet 23/udp
If a line has a # character in front of it, remove it. The default Telnet port is 23, which is also a main target of hackers' port scans, so it is better to change it. The method is simple: change the number 23 to a larger number, such as 61123. Note that port numbers below 1024 are reserved, so it is best not to use them, and take care not to conflict with the ports of other services. Changing the port only moves the service away from the default that scans look for; as noted earlier, the session is still transmitted in plaintext.
Start the service:
service xinetd restart
Example 5: Normal Telnet
Command:
telnet 192.168.120.204
Output:
[[email protected] ~]# telnet 192.168.120.204
Trying 192.168.120.204...
Connected to 192.168.120.204 (192.168.120.204).
Escape character is '^]'.
localhost (Linux release 2.6.18-274.18.1.el5 #1 SMP Thu Feb 9 12:45:44 EST 2012) (1)
login: root
Password:
Login incorrect
Description
Under normal circumstances, root is not allowed to log in remotely. Log in with a regular account and then use su - to switch to the root user.
Linux Common commands: Telnet command