The telnet command is usually used for remote login. The telnet program is a remote login client program based on the TELNET protocol. The Telnet protocol is a member of the TCP/IP protocol suite and is the standard protocol and main method for Internet remote login services. It provides users with the ability to complete remote host work on their local computer.
[root@linuxprobe ~]# telnet 192.168.120.209
Trying 192.168.120.209...
telnet: connect to address 192.168.120.209: No route to host
telnet: Unable to connect to remote host: No route to host
Methods to handle this situation: (1) Confirm whether the IP address is correct (2) Confirm whether the installed machine corresponding to the IP address has been powered on (3) If the host has been started, confirm whether the routing settings are set correctly (use the route command to check) (4) If the host has started, confirm whether the telnet service is enabled on the host (use the netstat command to check whether there is a LISTEN status line on TCP port 23) (5) If the host has started the telnet service, confirm whether the firewall is Access to port 23 is opened (use iptables-save to check)
Example 2: The domain name cannot be resolved
[root@linuxprobe ~]# telnet www.baidu.com
www.baidu.com/telnet: Temporary failure in name resolution
How to deal with this situation: (1) Confirm whether the domain name is correct (2) Confirm whether the local domain name resolution related settings are correct (whether the nameserver configuration in /etc/resolv.conf is correct, if not, you can use nameserver 8.8.8.8) (3) Confirm whether the firewall is released Access to UDP53 port (DNS uses UDP protocol, port 53, use iptables-save to view)
Example 3: Access denied
[root@linuxprobe ~]# telnet 192.168.120.206
Trying 192.168.120.206...
telnet: connect to address 192.168.120.206: Connection refused
telnet: Unable to connect to remote host: Connection refused
Method to handle this situation: (1) Confirm whether the IP address or host name is correct (2) Confirm whether the port is correct and whether the default port is 23
To check whether a certain port of 192.168.120.206 can be accessed, such as port 443, you can use The following command
Description: This means that the 443 port of 192.168.120.206 cannot be accessed
Example 4: Telnet root user login
[root@linuxprobe ~]# telnet 192.168.120.204
Trying 192.168.120.204...
Connected to 192.168.120.204 (192.168.120.204).
Escape character is '^]'.
localhost (Linux release 2.6.18-274.18.1.el5 #1 SMP Thu Feb 9 12:45:44 EST 2012) (1)
login: root
Password:
Login incorrect
Description: Root is not allowed under normal circumstances To log in remotely, you can log in with a normal account first, and then su - to switch to the root user. To allow the root user to log in, the following methods can be used:
The configuration parameters are usually as follows:
service telnet
{
disable = no #启用
flags = REUSE #socket可重用
socket_type = stream #连接方式为TCP
wait = no #为每个请求启动一个进程
user = root #启动服务的用户为root
server = /usr/sbin/in.telnetd #要激活的进程
log_on_failure += USERID #登录失败时记录登录用户名
}
If you want to configure the list of clients that are allowed to log in, add only_from = 192.168.0.2 #Only allow 192.168.0.2 to log in If you want to configure the list of clients that are prohibited from logging in, add no_access = 192.168 .0.{2,3,4} #Prohibit 192.168.0.2, 192.168.0.3, 192.168.0.4 login If you want to set the opening period, add access_times = 9:00-12:00 13:00- 17:00 # Only these two hours of service are open every day (our working hours: P) If you have two IP addresses, one is a private network IP address such as 192.168.0.2, and the other is a public network IP address For example, 218.75.74.83. If you want users to log in to the telnet service only from the private network, then add bind = 192.168.0.2 . For the specific meaning and syntax of each configuration item, please refer to the xined configuration file attribute description (man xinetd .conf) Configure the port and modify the services file: # vi /etc/services Find the following two sentences telnet 23/tcp telnet 23/udp such as
If there is a # character in front of it, remove it. The default port of telnet is 23. This port is also the main target of hacker port scanning, so it is best to modify this port. The modification method is very simple, that is, change
Modify the number 23 and change it to a larger number, such as 61123. Note that port numbers below 1024 are reserved by the Internet, so it is best not to use them. You should also be careful not to use them with
Port conflicts with other services. Start the service: service xinetd restart
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
The telnet command is usually used for remote login. The telnet program is a remote login client program based on the TELNET protocol. The Telnet protocol is a member of the TCP/IP protocol suite and is the standard protocol and main method for Internet remote login services. It provides users with the ability to complete remote host work on their local computer.
Syntax
Parameters
Usage examples
Example 1: The remote server cannot be accessed
Methods to handle this situation:
(1) Confirm whether the IP address is correct
(2) Confirm whether the installed machine corresponding to the IP address has been powered on
(3) If the host has been started, confirm whether the routing settings are set correctly (use the route command to check)
(4) If the host has started, confirm whether the telnet service is enabled on the host (use the netstat command to check whether there is a LISTEN status line on TCP port 23)
(5) If the host has started the telnet service, confirm whether the firewall is Access to port 23 is opened (use iptables-save to check)
Example 2: The domain name cannot be resolved
How to deal with this situation:
(1) Confirm whether the domain name is correct
(2) Confirm whether the local domain name resolution related settings are correct (whether the nameserver configuration in /etc/resolv.conf is correct, if not, you can use nameserver 8.8.8.8)
(3) Confirm whether the firewall is released Access to UDP53 port (DNS uses UDP protocol, port 53, use iptables-save to view)
Example 3: Access denied
Method to handle this situation:
(1) Confirm whether the IP address or host name is correct
(2) Confirm whether the port is correct and whether the default port is 23
To check whether a certain port of 192.168.120.206 can be accessed, such as port 443, you can use The following command
Description: This means that the 443 port of 192.168.120.206 cannot be accessed
Example 4: Telnet root user login
Description: Root is not allowed under normal circumstances To log in remotely, you can log in with a normal account first, and then su - to switch to the root user. To allow the root user to log in, the following methods can be used:
Example 5: Enable telnet service
[root@linuxprobe ~]# cd /etc/xinetd.d/ [root@linuxprobe xinetd.d]# ll 总计 124 -rw-r--r-- 1 root root 1157 2011-05-31 chargen-dgram -rw-r--r-- 1 root root 1159 2011-05-31 chargen-stream -rw-r--r-- 1 root root 523 2009-09-04 cvs -rw-r--r-- 1 root root 1157 2011-05-31 daytime-dgram -rw-r--r-- 1 root root 1159 2011-05-31 daytime-stream -rw-r--r-- 1 root root 1157 2011-05-31 discard-dgram -rw-r--r-- 1 root root 1159 2011-05-31 discard-stream -rw-r--r-- 1 root root 1148 2011-05-31 echo-dgram -rw-r--r-- 1 root root 1150 2011-05-31 echo-stream -rw-r--r-- 1 root root 323 2004-09-09 eklogin -rw-r--r-- 1 root root 347 2005-09-06 ekrb5-telnet -rw-r--r-- 1 root root 326 2004-09-09 gssftp-rw-r--r-- 1 root root 310 2004-09-09 klogin -rw-r--r-- 1 root root 323 2004-09-09 krb5-telnet -rw-r--r-- 1 root root 308 2004-09-09 kshell -rw-r--r-- 1 root root 317 2004-09-09 rsync -rw-r--r-- 1 root root 1212 2011-05-31 tcpmux-server -rw-r--r-- 1 root root 1149 2011-05-31 time-dgram -rw-r--r-- 1 root root 1150 2011-05-31 time-stream [root@linuxprobe xinetd.d]# cat krb5-telnet # default: off # description: The kerberized telnet server accepts normal telnet sessions, \ # but can also use Kerberos 5 authentication. service telnet { flags = REUSE socket_type = stream wait = no user = root server = /usr/kerberos/sbin/telnetd log_on_failure += USERID disable = yes }The configuration parameters are usually as follows:
service telnet { disable = no #启用 flags = REUSE #socket可重用 socket_type = stream #连接方式为TCP wait = no #为每个请求启动一个进程 user = root #启动服务的用户为root server = /usr/sbin/in.telnetd #要激活的进程 log_on_failure += USERID #登录失败时记录登录用户名 }If you want to configure the list of clients that are allowed to log in, add
only_from = 192.168.0.2 #Only allow 192.168.0.2 to log in
If you want to configure the list of clients that are prohibited from logging in, add
no_access = 192.168 .0.{2,3,4} #Prohibit 192.168.0.2, 192.168.0.3, 192.168.0.4 login
If you want to set the opening period, add
access_times = 9:00-12:00 13:00- 17:00 # Only these two hours of service are open every day (our working hours: P)
If you have two IP addresses, one is a private network IP address such as 192.168.0.2, and the other is a public network IP address For example, 218.75.74.83. If you want users to log in to the telnet service only from the private network, then add
bind = 192.168.0.2
. For the specific meaning and syntax of each configuration item, please refer to the xined configuration file attribute description (man xinetd .conf)
Configure the port and modify the services file:
# vi /etc/services
Find the following two sentences
telnet 23/tcp
telnet 23/udp
such as If there is a # character in front of it, remove it. The default port of telnet is 23. This port is also the main target of hacker port scanning, so it is best to modify this port. The modification method is very simple, that is, change Modify the number 23 and change it to a larger number, such as 61123. Note that port numbers below 1024 are reserved by the Internet, so it is best not to use them. You should also be careful not to use them with Port conflicts with other services.
Start the service: service xinetd restart