Linux common commands: telnet command


  The telnet command is usually used for remote login. The telnet program is a remote login client based on the TELNET protocol. TELNET is a member of the TCP/IP protocol family and is the standard protocol and main method for Internet remote login services. It lets users work on a remote host from their local computer: the user runs the telnet program locally to connect to the server, and commands typed into the telnet program are run on the server as if they had been entered directly on the server's console, so the server can be controlled from the local machine. To start a telnet session, you must enter a username and password to log in to the server. Telnet is a commonly used method for remotely controlling a web server.

  However, because telnet transmits everything in plaintext, including the username and password, its security is poor. Many Linux servers do not enable the telnet service and use the more secure ssh instead. But many other systems may still use telnet to provide remote login, so it is still necessary to know how to use the telnet client.

  The telnet command can also be used for other purposes, such as checking the status of a remote service, for example whether a port on a remote server is accessible.

1. Command format:

  telnet [parameter] [host]

2. Command function:

  Running the telnet command starts a terminal session and logs in to the remote host.

3. Command parameters:

-8 Allow the use of 8-bit character data, both input and output.

-a Attempt to log in to the remote system automatically.

-b <host alias> Specify the remote host name using an alias.

-c Do not read the user's .telnetrc file.

-d Start debug mode.

-e <escape character> Set the escape character.

-E Filter out escape characters.

-f Has the same effect as the "-F" parameter.

-F When using Kerberos V5 authentication, forward the authentication data of the local host to the remote host.

-k <domain name> When using Kerberos authentication, make the remote host use the specified realm name instead of the host's domain name.

-K Do not log in to the remote host automatically.

-l <username> Specify the user name used to log in to the remote host.

-L Allow output of 8-bit character data.

-n <record file> Specify the file in which to record related information.

-r Use an rlogin-like user interface.

-S <service type> Set the IP TOS information required for the telnet connection.

-x Use data encryption, assuming the host supports it.

-X <authentication form> Turn off the specified authentication form.

4. Usage examples:

Example 1: The remote server is unreachable

Command:

  telnet 192.168.120.206

Output:

[root@localhost ~]# telnet 192.168.120.209
Trying 192.168.120.209...
telnet: connect to address 192.168.120.209: No route to host
telnet: Unable to connect to remote host: No route to host
[root@localhost ~]# 

Explanation:

How to handle this situation:

(1) Confirm that the IP address is correct.

(2) Confirm that the host with that IP address is powered on.

(3) If the host is running, confirm that the routing settings are correct (use the route command to view them).

(4) If the host is running, confirm that the telnet service is enabled on it (use the netstat command to see whether there is a LISTEN line on TCP port 23).

(5) If the telnet service is running on the host, confirm that the firewall allows access to port 23 (use iptables-save to view the rules).

Example 2: The domain name cannot be resolved

Command:

  telnet www.baidu.com

Output:

[root@localhost ~]# telnet www.baidu.com
www.baidu.com/telnet: Temporary failure in name resolution
[root@localhost ~]# 

Explanation:

How to handle this situation:

(1) Confirm that the domain name is correct.

(2) Confirm that the machine's domain name resolution settings are correct (check whether the nameserver settings in /etc/resolv.conf are correct; if not, you can use nameserver 8.8.8.8).

(3) Confirm that the firewall allows access to UDP port 53 (DNS uses the UDP protocol on port 53; use iptables-save to view the rules).

Example 3: Connection refused

Command:

  telnet 192.168.120.206

Output:

[root@localhost ~]# telnet 192.168.120.206
Trying 192.168.120.206...
telnet: connect to address 192.168.120.206: Connection refused
telnet: Unable to connect to remote host: Connection refused
[root@localhost ~]#

Explanation:

How to handle this situation:

(1) Confirm that the IP address or host name is correct.

(2) Confirm that the port is correct and whether it is the default port 23.

Example 4: Start the telnet service

Command:

  service xinetd restart

Output:

[root@localhost ~]# cd /etc/xinetd.d/
[root@localhost xinetd.d]# ll
总计 124
-rw-r--r-- 1 root root 1157 2011-05-31 chargen-dgram
-rw-r--r-- 1 root root 1159 2011-05-31 chargen-stream
-rw-r--r-- 1 root root  523 2009-09-04 cvs
-rw-r--r-- 1 root root 1157 2011-05-31 daytime-dgram
-rw-r--r-- 1 root root 1159 2011-05-31 daytime-stream
-rw-r--r-- 1 root root 1157 2011-05-31 discard-dgram
-rw-r--r-- 1 root root 1159 2011-05-31 discard-stream
-rw-r--r-- 1 root root 1148 2011-05-31 echo-dgram
-rw-r--r-- 1 root root 1150 2011-05-31 echo-stream
-rw-r--r-- 1 root root  323 2004-09-09 eklogin
-rw-r--r-- 1 root root  347 2005-09-06 ekrb5-telnet
-rw-r--r-- 1 root root  326 2004-09-09 gssftp
-rw-r--r-- 1 root root  310 2004-09-09 klogin
-rw-r--r-- 1 root root  323 2004-09-09 krb5-telnet
-rw-r--r-- 1 root root  308 2004-09-09 kshell
-rw-r--r-- 1 root root  317 2004-09-09 rsync
-rw-r--r-- 1 root root 1212 2011-05-31 tcpmux-server
-rw-r--r-- 1 root root 1149 2011-05-31 time-dgram
-rw-r--r-- 1 root root 1150 2011-05-31 time-stream
[root@localhost xinetd.d]# cat krb5-telnet 
# default: off
# description: The kerberized telnet server accepts normal telnet sessions, \
#              but can also use Kerberos 5 authentication.
service telnet
{
        flags           = REUSE
        socket_type     = stream        
        wait            = no
        user            = root
        server          = /usr/kerberos/sbin/telnetd
        log_on_failure  += USERID
        disable         = yes
}
[root@localhost xinetd.d]#

Explanation:

The usual configuration is as follows:

service telnet
{
        # enable the service
        disable         = no
        # the socket can be reused
        flags           = REUSE
        # the connection mode is TCP
        socket_type     = stream
        # start a process for each request
        wait            = no
        # the user who starts the service is root
        user            = root
        # the process to be started
        server          = /usr/sbin/in.telnetd
        # log the login user name when a login fails
        log_on_failure  += USERID
}

To configure a list of clients allowed to log in, add:

        # only 192.168.0.2 is allowed to log in
        only_from       = 192.168.0.2

To configure a list of clients that are prohibited from logging in, add:

        # forbid 192.168.0.2, 192.168.0.3 and 192.168.0.4 from logging in
        no_access       = 192.168.0.{2,3,4}

To set the hours during which the service is open, add:

        # the service is open only during these two periods every day (our working hours :P)
        access_times    = 9:00-12:00 13:00-17:00

If the host has two IP addresses, one on the private network such as 192.168.0.2 and one on the public network such as 218.75.74.83, and you want users to log in to the telnet service only from the private network, add:

        bind            = 192.168.0.2

For the specific meaning and syntax of each configuration item, refer to the xinetd configuration file attribute description (man xinetd.conf).

Configure the port by modifying the services file:

# vi /etc/services

Find the following two lines:

telnet 23/tcp

telnet 23/udp

If there is a # character in front of them, remove it. The default telnet port is 23, which is also the main target of attackers' port scans, so it is best to change it. The change is simple: replace the number 23 with a larger number, such as 61123. Note that port numbers below 1024 are reserved for standard Internet services, so it is best not to use them, and take care not to conflict with the ports of other services. Changing the port only avoids scans aimed at the default port; the session itself is still sent in plaintext.

Start the service:

service xinetd restart 

 

Example 5: normal telnet

Command:

  telnet 192.168.120.204

Output:

[root@andy ~]# telnet 192.168.120.204
Trying 192.168.120.204...
Connected to 192.168.120.204 (192.168.120.204).
Escape character is '^]'.

    localhost (Linux release 2.6.18-274.18.1.el5 #1 SMP Thu Feb 9 12:45:44 EST 2012) (1)

login: root
Password: 
Login incorrect

Explanation:

  Under normal circumstances, root is not allowed to log in remotely. You can log in with an ordinary account first, and then use su - to switch to the root user.
