One linux command per day (58): telnet command

The telnet command is usually used to log in remotely. The telnet program is a remote login client based on the TELNET protocol. The Telnet protocol is a member of the TCP/IP protocol family, and it is the standard protocol and main method of the Internet remote login service. It lets users work on a remote host from their local computer. The end user runs the telnet program on their own computer to connect to the server and enters commands into it; these commands run on the server as if they were entered directly on the server's console, so the server can be controlled locally. To start a telnet session, you must enter a username and password to log in to the server. Telnet is a commonly used method to remotely control a web server.

However, because telnet transmits messages in plaintext, its security is poor. Many Linux servers do not enable the telnet service and use the more secure ssh instead. But many other systems may still use telnet to provide remote login, so it is still necessary to know how to use the telnet client.

The telnet command can also be used for other purposes, such as determining the status of a remote service, for example whether a port on a remote server is accessible.

1. Command format:

telnet [parameter] [host]

2. Command function:

Execute the telnet command to start a terminal session and log in to the remote host.

3. Command parameters:

-8 Allows the use of 8-bit character data, including input and output.

-a Attempt to automatically log in to the remote system.

-b <host alias> Specify the remote host name using an alias.

-c Do not read .telnetrc files in user-specific directories.

-d Starts debug mode.

-e<escape character> Set escape character.

-E Filter out escape characters.

-f This parameter has the same effect as specifying the "-F" parameter.

-F When using Kerberos V5 authentication, adding this parameter can upload the authentication data of the local host to the remote host.

-k<domain name> When using Kerberos authentication, add this parameter to let the remote host use the specified realm name instead of the host's domain name.

-K Do not automatically log in to the remote host.

-l<username> Specifies the user name to log in to the remote host.

-L Allows output of 8-bit character data.

-n<record file> Specifies the file to record related information.

-r Use an rlogin-like user interface.

-S <service type> Set the IP TOS information required for telnet connection.

-x Use data encryption, assuming the host has the capability to support it.

-X<authentication form> Turn off the specified authentication form.

4. Example of use:

Example 1: The remote server cannot be accessed

Command :

telnet 192.168.120.206

Output:



[root@localhost ~]# telnet 192.168.120.209
Trying 192.168.120.209...
telnet: connect to address 192.168.120.209: No route to host
telnet: Unable to connect to remote host: No route to host
[root@localhost ~]#


Description: How to deal with this situation:

(1) Confirm whether the ip address is correct?

(2) Confirm whether the host corresponding to the ip address is powered on?

(3) If the host has been started, confirm whether the routing settings are set correctly? (Use the route command to view)

(4) If the host has been started, confirm whether the telnet service is enabled on the host? (Use the netstat command to check whether there is a LISTEN line on TCP port 23)

(5) If the host has started the telnet service, check whether the firewall has released access to port 23? (Use iptables-save to view)



Example 2: The domain name cannot be resolved

Command :

telnet www.baidu.com

Output:



[root@localhost ~]# telnet www.baidu.com
www.baidu.com/telnet : Temporary failure in name resolution
[root@localhost ~]#


Description: How to deal with this situation:

(1) Confirm whether the domain name is correct

(2) Confirm whether the domain name resolution settings on this machine are correct (is the nameserver setting in /etc/resolv.conf correct? If not, you can use nameserver 8.8.8.8)

(3) Confirm whether the firewall allows access to UDP port 53 (DNS uses the UDP protocol, port 53; use iptables-save to view)



Example 3:

Command:

Output:



[root@localhost ~]# telnet 192.168.120.206
Trying 192.168.120.206...
telnet: connect to address 192.168.120.206: Connection refused
telnet: Unable to connect to remote host: Connection refused
[root@localhost ~]#


Description: How to handle this situation:

(1) Confirm whether the IP address or hostname is correct

(2) Confirm whether the port is correct, and whether it is the default port 23
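The three failures in Examples 1 to 3 can be told apart in a script as well as by reading telnet's messages. The following is an added example, not part of the original article: the function name probe, the verdict strings and the injectable resolve parameter are assumptions made for illustration.

```python
import errno
import socket
import sys

# connect() errors mapped to the failure cases shown in Examples 1 and 3
VERDICTS = {
    errno.EHOSTUNREACH: "no_route",   # "No route to host"
    errno.ENETUNREACH: "no_route",
    errno.ECONNREFUSED: "refused",    # "Connection refused"
    errno.ETIMEDOUT: "timeout",
}


def probe(host, port=23, timeout=3.0, resolve=socket.getaddrinfo):
    """Try a TCP connection to host:port and return (verdict, detail).

    resolve is injectable so the name-resolution case (Example 2) can be
    exercised without a network; it defaults to the system resolver.
    """
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns_failure", str(exc)
    result = ("error", "resolver returned no addresses")
    for family, socktype, proto, _canon, addr in infos:
        sock = socket.socket(family, socktype, proto)
        sock.settimeout(timeout)
        try:
            sock.connect(addr)
            return "open", "%s port %d accepts connections" % (addr[0], addr[1])
        except socket.timeout:
            result = ("timeout", "no reply in %.1fs, packets may be dropped" % timeout)
        except OSError as exc:
            result = (VERDICTS.get(exc.errno, "error"), str(exc))
        finally:
            sock.close()
    return result


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 23
    print(target, target_port, *probe(target, target_port))
```

A verdict of no_route points to the checks listed under Example 1, dns_failure to those under Example 2, and refused to those under Example 3.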



Example 4: Start the telnet service

Command :

service xinetd restart

Output:



[root@localhost ~]# cd /etc/xinetd.d/
[root@localhost xinetd.d]# ll
total 124
-rw-r--r-- 1 root root 1157 2011-05-31 chargen-dgram
-rw-r--r-- 1 root root 1159 2011-05-31 chargen-stream
-rw-r--r-- 1 root root  523 2009-09-04 cvs
-rw-r--r-- 1 root root 1157 2011-05-31 daytime-dgram
-rw-r--r-- 1 root root 1159 2011-05-31 daytime-stream
-rw-r--r-- 1 root root 1157 2011-05-31 discard-dgram
-rw-r--r-- 1 root root 1159 2011-05-31 discard-stream
-rw-r--r-- 1 root root 1148 2011-05-31 echo-dgram
-rw-r--r-- 1 root root 1150 2011-05-31 echo-stream
-rw-r--r-- 1 root root  323 2004-09-09 eklogin
-rw-r--r-- 1 root root  347 2005-09-06 ekrb5-telnet
-rw-r--r-- 1 root root  326 2004-09-09 gssftp
-rw-r--r-- 1 root root  310 2004-09-09 klogin
-rw-r--r-- 1 root root  323 2004-09-09 krb5-telnet
-rw-r--r-- 1 root root  308 2004-09-09 kshell
-rw-r--r-- 1 root root  317 2004-09-09 rsync
-rw-r--r-- 1 root root 1212 2011-05-31 tcpmux-server
-rw-r--r-- 1 root root 1149 2011-05-31 time-dgram
-rw-r--r-- 1 root root 1150 2011-05-31 time-stream
[root@localhost xinetd.d]# cat krb5-telnet
# default: off
# description: The kerberized telnet server accepts normal telnet sessions, \
#              but can also use Kerberos 5 authentication.
service telnet
{
        flags           = REUSE
        socket_type     = stream       
        wait            = no
        user            = root
        server = /usr/kerberos/sbin/telnetd
        log_on_failure += USERID
        disable = yes
}
[root@localhost xinetd.d]#


Description:

The usual configuration is as follows:

service telnet
{
        # enable the service
        disable         = no
        # socket is reusable
        flags           = REUSE
        # connection mode is TCP
        socket_type     = stream
        # start a process for each request
        wait            = no
        # the service is started as user root
        user            = root
        # the process to be started
        server          = /usr/sbin/in.telnetd
        # log the user ID when a login fails
        log_on_failure  += USERID
}



If you want to configure the list of clients that are allowed to log in, add

# only 192.168.0.2 is allowed to log in
only_from = 192.168.0.2

If you want to configure a list of clients that are prohibited from logging in, add

# forbid 192.168.0.2, 192.168.0.3 and 192.168.0.4 to log in
no_access = 192.168.0.{2,3,4}

If you want to set the opening time, add

# only open during these two periods every day (our working hours :P)
access_times = 9:00-12:00 13:00-17:00

If you have two IP addresses, one on the private network such as 192.168.0.2 and one on the public network such as 218.75.74.83, and you want users to log in to the telnet service only from the private network, add

bind = 192.168.0.2

For the specific meaning and syntax of each configuration item, please refer to the xinetd configuration file attribute description (man xinetd.conf).
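The attributes above can be checked automatically when reviewing a host. The following is an added example, not part of the original article: it parses a service stanza in the format shown here and reports an enabled telnet service that lacks the only_from or bind restriction. The function names and the finding texts are assumptions made for illustration, and SAMPLE is constructed from the usual configuration above.

```python
import re

# Constructed sample: the "usual configuration" from this article
SAMPLE = """\
# default: on
service telnet
{
        disable         = no
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
}
"""


def parse_services(text):
    """Parse 'service NAME { key = value }' stanzas into {name: {key: value}}."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = re.match(r"service\s+(\S+)", line)
        if match and current is None:
            current = services.setdefault(match.group(1), {})
        elif line == "}":
            current = None
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.rstrip("+- \t")] = value.strip()   # handles += and -=
    return services


def audit_telnet(text):
    """Return findings for a telnet stanza that is enabled (disable is not yes)."""
    attrs = parse_services(text).get("telnet")
    if attrs is None or attrs.get("disable", "no").lower() == "yes":
        return []
    findings = ["telnet enabled: logins cross the network in plaintext"]
    if "only_from" not in attrs:
        findings.append("no only_from: any client address may connect")
    if "bind" not in attrs:
        findings.append("no bind: service listens on every interface")
    return findings


if __name__ == "__main__":
    for finding in audit_telnet(SAMPLE):
        print(finding)
```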



Configure the port by modifying the services file:

# vi /etc/services

Find the following two lines:

telnet 23/tcp

telnet 23/udp

If there is a # character in front of them, remove it. The default port of telnet is 23. This port is also the main target of hacker port scanning, so it is best to change it. The modification is very simple: change the number 23 to a larger number, such as 61123. Note that the port numbers below 1024 are reserved for the Internet, so it is best not to use them. You should also be careful not to conflict with the ports of other services. Changing the port only moves the service away from scans of the default port; the session is still transmitted in plaintext.

Start service:

service xinetd restart



Example 5: Normal telnet

Command:

telnet 192.168.120.204

Output:



[root@andy ~]# telnet 192.168.120.204
Trying 192.168.120.204...
Connected to 192.168.120.204 (192.168.120.204).
Escape character is '^]'.

    localhost (Linux release 2.6.18-274.18.1.el5 #1 SMP Thu Feb 9 12:45:44 EST 2012) (1)

login: root
Password:
Login incorrect


Note:

In general, root is not allowed to log in remotely. You can log in with a normal account first, and then use su - to switch to the root user.

Reprinted in: http://www.itxuexiwang.com/a/liunxjishu/2016/0303/209.html?1457083973
