topic Re: telnet in Operating System - Linux

telnet

Tonatiuh — Mon, 01 Nov 2004 21:46:20 GMT

I have just installed Red Hat AS 2.1 but I cannot open a telnet/ftp session to the server.

What should I config in the sever to allow users to open a telnet/ftp session?

Re: telnet

Steven E. Protter — Mon, 01 Nov 2004 23:11:47 GMT

By default telnet is disabled in AS 2.1

Thats because telnet uses clear text authentication. Passwords in clear text for all sniffers to see. I've seen it used against me on the public internet and its not pretty.

What you should do is have your users use ssh instead of telnet. Secure authentication.

Here is how to enable telnet:

cd /etc/xinetd.d
vi telnet

It looks like this:

service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = yes
}

change disable = yes to :

disable = no

service xinetd restart

You are now done. Do study implementing ssh. The client is free and it is much more secure.

http://www.openssh.org

SEP

Re: telnet

ramkumar — Mon, 01 Nov 2004 23:42:01 GMT

Hi

the above sentences are absolutely true . One more thing you should consider if pam.d
is istalled you can't login in to system as a administrator through the telnet session . for that go to /etc/pam.d / edit the file login in the fourth line you can find the following line change the word required to sufficient

session required /etc/security/pam_stack.so service =system-auth

Re: telnet

Alexander Chuzhoy — Tue, 02 Nov 2004 01:48:56 GMT

One simple command enables xinetd related service (including telnet):
chkconfig telnet on

Re: telnet

Tonatiuh — Tue, 02 Nov 2004 10:30:16 GMT

Thanks, but what about the FTP ?

Ramkumar, the pam_stack.so does not exist in /etc/security/, it exists in /lib/security/. So that, the line to change (as it appears) into /etc/pam.d/login is:

session sufficient /lib/security/pam_stack.so service=system-auth

But I have modified and restarted the server and I cannot telnet with root user.

Any other idea to telnet with root user?

Re: telnet

Alexander Chuzhoy — Tue, 02 Nov 2004 10:43:56 GMT

to be able to telnet with root user -you must add the following to the /etc/securetty
pts/0
pts/1
pts/2

and so on....
I'd add at least until pts/20

Re: telnet

Tonatiuh — Tue, 02 Nov 2004 10:49:31 GMT

It is working! Thanks a lot!

What about the FTP? how can I allow users to FTP to this server?

Re: telnet

Stuart Browne — Tue, 02 Nov 2004 17:22:44 GMT

enable the 'wu-ftpd' service, in a similar fasion.

Re: telnet

Tonatiuh — Tue, 02 Nov 2004 17:35:03 GMT

This is my first time with Linux and I am really confused. Could you be more clear (detailed) ?

Re: telnet

dirk dierickx — Wed, 03 Nov 2004 02:05:13 GMT

I just want to stress again that telnet is not a recommended connection method. And unless there is some obscure program really needing it, i would leave it _off_! and use SSH instead.
For transferring files, again if no program requires it, use SCP.

Don't worry, clients for these are freely available on windows.

Re: telnet

Johannes Krackowizer_1 — Wed, 03 Nov 2004 03:48:21 GMT

hi tonautiuh,

there is a simple way to enable or disable services in redhat linux. type ntsysv. in this tool you can select or deselct the services registered in redhat linux so you don't have to change configfiles like steven told you. but for telnet you have to add to /etc/securetty the pts/0, pts/1 ... lines for any concurent session. so if you want to allow 20 users to connect to your server and everyone opens two telnet sessions you have to add pts/0 to pts/39 to your /etc/securetty. the better way is to use ssh if it's possible for you because ssh is much more secure (passwords aren't transmitted plain text, they are encrypted).

for ftp server you have to enalbe the vsftp in ntsysv and have a look at the following thread:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=698075

Re: telnet

Rick Garland — Wed, 03 Nov 2004 14:29:09 GMT

I want to join the chorus - avoid telnet/ftp if at all possible!

RH install does not install these tools by default. You must select them.

There is no difference to using telnet vs ssh - only the command syntax changes for the end user. Of course behind the scenes there is encryption. If the syntax is an issue the alias the commands.

For windows, PUTTY is a free tool that can be downloaded from the net and the tools are already in binary form - no building.

Re: telnet

Karsten Breivik_1 — Mon, 29 Nov 2004 08:32:06 GMT

Another tip.

Starting a new telnet session can sometimes take a long time, sometimes ~30 sec to get a login prompt.

This is often caused by the server wanting to do a reverse DNS lookup to find out who is connecting.

If you are running DNS, check named and resolv.conf to find out how IP adresses are resolved.

If you aren't running DNS, you can fix this just by listing all the machines in /etc/hosts. Note that you don't have to be accurate about the names: I often use the ip adress with "_" substituted for the "."'s, like "host_192_168_2_3" and so on. A simple script:

#!/bin/ksh
x=1
while [ $x -lt 255 ]
do
echo "192.168.0.$x host_$x"
x=$((x + 1 ))
done >> /etc/hosts