LinuxQuestions.org


zmihretu 08-29-2006 06:05 AM

Cannot telnet into the Linux server
 
Hello there,
I am having difficulties telnetting into my Redhat Linux server from other machines. After hanging up on "connecting to 1.0.0.33..." for a few seconds, it completes the error message by adding "could not open connection to the host on port 23: Connection failed".

Telnetting outwards from the Linux server (e.g., to a Solaris server) works fine. Yet still, telnetting from the Linux server to itself (127.0.0.1) is not working properly. It returns with the login prompt, but on authentication it returns with a "password incorrect" message although I am certain I put in the right password.

I must admit I am a novice to Linux.

Many Thanks for your help.

Zmihretu

camorri 08-29-2006 09:03 AM

Do you have the telnet daemon running? Do a command 'ps aux' and look through the output for telnetd.

Next I would highly recommend you install and configure OpenSSH. It should be available as an rpm for Redhat. Telnet is totally not secure, and few if any use it anymore. SSH is secure, can be set up with keys for login. If you look in the Tutorial section under Networking on this board, you will find tutorials on how to set this up.

My personal preference is to install Webmin, also available through rpms, a web-based tool to configure and manage a server. It allows you to connect to a server using a standard web browser through port 10000. On the server you open your browser, and type https://localhost:10000 to connect to webmin. You can set up users, or configure as root. It provides a graphical interface, and a much easier way of configuring, starting and stopping various servers. I use it to configure ssh, samba, printers and network settings on my machines. For a noob, this can help save a lot of frustration.

Hope this helps.

theNbomr 08-29-2006 09:10 AM

It sounds like you have more than one obstacle in the way, here.
The TCP connection is probably being blocked by iptables. If you post your output from 'iptables -L -n', here, we can probably identify the rule(s) that are blocking telnet traffic. Also, the telnetd daemon is probably misconfigured for your situation. If you post the contents of the telnet service config file, possibly in /etc/xinetd.d/telnet, someone here may be able to identify the changes required.
Finally, it is considered good practice these days to not use telnet. All of the functionality of telnet, and more, is provided by ssh, and is much more secure. Same goes for ftp (use sftp or scp). If the machine in question is internet-accessible, please consider disabling the telnetd and ftpd daemons. A vulnerable Linux host is a hazard to everyone that uses the net.

--- rod.

zmihretu 08-30-2006 08:22 AM

Hi Rod,
I think you may be right about the "iptables" entries. Except for UDP all the rest are "0.0.0.0". I have extracted that file together with two telnet configuration files under xinetd.d.

Another snag to send the files as attachment! Is there an e-mail address to which I can send the files? I could not find an option to include attachments from this "Quick Reply" window.

Thanks

Zelalem

zmihretu 08-30-2006 08:54 AM

Hi Cliff,
"PS aux" is not returning a line containing "telnet". But, the "disable" parameter in "krb5-telnet" and "telnet" under "/etc/xinetd.d" are set to "no".

The following is the content of /etc/xinetd.d/krb5-telnet:

flags = REUSE
socket_type = stream
wait = no
user = root
log_on_failure += USERID
server = /usr/kerberos/sbin/telnetd
disable = no

The only variation in /etc/xinetd.d/telnet is the line containing "server" to:
server = /usr/sbin/in.telnet

Thanks

nick

theNbomr 08-30-2006 10:06 AM

No attachments here. This is not e-mail. Just cut and paste into the edit window. Use the 'advanced' button, which makes it possible to paste things in a 'code' box for easier viewing of plain formatted text, like this:
Code:

flags = REUSE
socket_type = stream
wait = no
user = root
log_on_failure += USERID
server = /usr/kerberos/sbin/telnetd
disable = no

I suggest disabling the kerberos encrypted version, and enabling the plain telnet version, at least to test the connectivity. If your telnet client is not kerberos enabled, maybe it is why you can't log in.

To camorri: The telnet daemon is not run directly like many other network services. It is under an umbrella daemon, xinetd. When a request for a connection on a port known to xinetd is received, xinetd dispatches the function it understands to be responsible for serving connections on that port. For port 23, the standard telnet port, it dispatches the telnet server, or else the krb-telnet server, depending on what is set up in the xinetd.d directory. That is why there is no process showing up in the output of ps -aux.

Is there a reason you can't use ssh?

--- rod.

theNbomr 08-30-2006 10:20 AM

I guess it might be worthwhile explaining some details about how to enable/disable services launched by xinetd. You must first edit the appropriate file(s) in /etc/xinetd.d/. Then, find the PID of the xinetd daemon, with
Code:

ps -e | grep xinetd

Finally, restart the xinetd daemon, with
Code:

kill -1 PID_of_xinetd

--- rod.
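
An added example, not part of the original posts: a Python check that reads xinetd service files and reports which entries xinetd would serve, flagging a service name that more than one enabled file claims, as when both krb5-telnet and telnet carry disable = no. The sample file contents are constructed from the bodies quoted in the thread; the `service telnet` headers and the names `parse_entries` and `audit` are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed samples modelled on the two files quoted in the thread. The
# "service telnet" header and braces are assumed; the posts show only the body.
BODY = """service telnet
{
    flags          = REUSE
    socket_type    = stream
    wait           = no
    user           = root
    log_on_failure += USERID
    server         = %s
    disable        = no
}
"""
SAMPLE_FILES = {
    "/etc/xinetd.d/krb5-telnet": BODY % "/usr/kerberos/sbin/telnetd",
    "/etc/xinetd.d/telnet": BODY % "/usr/sbin/in.telnet",  # path as posted
}

ENTRY_RE = re.compile(r"^[ \t]*service[ \t]+(\S+)\s*\{(.*?)\}", re.M | re.S)
ATTR_RE = re.compile(r"[ \t]*(\w+)[ \t]*(?:\+=|-=|=)[ \t]*(.*\S)")

def parse_entries(text):
    """Return [(service_name, {attribute: value})] for each service block."""
    text = re.sub(r"^[ \t]*#.*$", "", text, flags=re.M)  # drop comment lines
    entries = []
    for name, body in ENTRY_RE.findall(text):
        found = (ATTR_RE.match(line) for line in body.splitlines())
        entries.append((name, {m.group(1): m.group(2) for m in found if m}))
    return entries

def audit(files):
    """Return (enabled, conflicts). enabled maps a service name to the
    (path, server) pairs xinetd would try to serve; conflicts lists the names
    claimed by more than one enabled entry."""
    enabled = defaultdict(list)
    for path in sorted(files):
        for name, attrs in parse_entries(files[path]):
            if attrs.get("disable", "no").lower() != "yes":  # default: enabled
                enabled[name].append((path, attrs.get("server", "(internal)")))
    conflicts = sorted(n for n, hits in enabled.items() if len(hits) > 1)
    return dict(enabled), conflicts
```

On a real host, pass `audit` a dict built from the files under /etc/xinetd.d/; an empty conflicts list together with no `telnet` key in the enabled map is the state the thread recommends for an internet-accessible machine.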

camorri 08-30-2006 12:09 PM

theNbomr: Thank-you for the explanation. I have always used Webmin to configure this stuff. It tends to shield you from the details. I went with ssh, so I never tried to use telnet.

zmihretu 08-31-2006 06:26 AM

Thanks to both of you, SSH was already installed on the server and I have it working now, after downloading the SSH-client for the Windows platform--putty.exe. Regarding the webmin also, I have some success---It is running fine locally, but does not connect from a remote host.

I would still like to find out why the telnet is not working as a learning point on IP configuration, if not for any other purpose. Please see the output from the iptables -L -n command below:

Chain INPUT (policy ACCEPT)
target               prot opt source      destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0   0.0.0.0/0
ACCEPT               tcp  --  0.0.0.0/0   0.0.0.0/0    tcp dpt:10000

Chain FORWARD (policy ACCEPT)
target               prot opt source      destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0   0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target               prot opt source      destination

Chain RH-Firewall-1-INPUT (2 references)
target               prot opt source      destination
ACCEPT               all  --  0.0.0.0/0   0.0.0.0/0
ACCEPT               icmp --  0.0.0.0/0   0.0.0.0/0    icmp type 255
ACCEPT               esp  --  0.0.0.0/0   0.0.0.0/0
ACCEPT               ah   --  0.0.0.0/0   0.0.0.0/0
ACCEPT               udp  --  0.0.0.0/0   224.0.0.251  udp dpt:5353
ACCEPT               udp  --  0.0.0.0/0   0.0.0.0/0    udp dpt:631
ACCEPT               all  --  0.0.0.0/0   0.0.0.0/0    state RELATED,ESTABLISHED
ACCEPT               tcp  --  0.0.0.0/0   0.0.0.0/0    state NEW tcp dpt:22
ACCEPT               tcp  --  0.0.0.0/0   0.0.0.0/0    state NEW tcp dpt:80
REJECT               all  --  0.0.0.0/0   0.0.0.0/0    reject-with icmp-host-prohibited

zm

theNbomr 08-31-2006 09:25 AM

As root, try inserting a firewall rule:
Code:

# 0.0.0.0/0 = any destination; a bare 0.0.0.0 is read as the single host 0.0.0.0/32
/sbin/iptables -I INPUT -p tcp -d 0.0.0.0/0 --dport 23 -j ACCEPT

This is a diagnostic, only. If it allows telnet to operate, then it is an exercise left for the reader to correctly modify the firewall script (possibly in /etc/init.d/iptables + /etc/sysconfig/iptables-config) to permanently add the rule. Look for the rules that open up ports 80 & 22, and add another for port 23.
In any case you should probably remove the diagnostic with
Code:

/sbin/iptables -D INPUT 1

and then let us know how things turn out.

--- rod.
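
An added example, not part of the original posts: a small Python model of first-match rule evaluation over the listing posted above, showing which rule decides a new TCP connection to ports 22, 23 and 10000 and why inserting at position 1 changes the result for port 23. The rules are a constructed iptables-save style rendering of that listing; the `-i lo` on the first ACCEPT, the interface name eth0 and all function names are assumptions of this example.

```python
# Constructed iptables-save style rendering of the listing in the thread
# (esp, ah and mDNS rules left out). Assumption: the first "ACCEPT all" is the
# loopback rule (-i lo); "iptables -L -n" without -v hides the interface.
RULES = """\
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -p tcp --dport 10000 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT
"""

def load(text):
    """Parse '-A CHAIN opt val ...' lines into {chain: [{opt: val}, ...]}."""
    chains = {}
    for line in text.splitlines():
        tok = line.split()
        chains.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return chains

def matches(rule, pkt):
    """True when every match option present on the rule agrees with the packet."""
    for opt, field in (("-i", "iface"), ("-p", "proto"), ("--dport", "dport")):
        if opt in rule and rule[opt] != str(pkt[field]):
            return False
    return "--state" not in rule or pkt["state"] in rule["--state"].split(",")

def verdict(chains, pkt, chain="INPUT", policy="ACCEPT"):
    """First matching rule wins; a user chain with no match returns to its caller."""
    for pos, rule in enumerate(chains[chain], 1):
        if not matches(rule, pkt):
            continue
        if rule["-j"] in chains:  # jump into a user-defined chain
            hit = verdict(chains, pkt, rule["-j"], policy=None)
            if hit:
                return hit
        else:
            return rule["-j"], f"{chain} #{pos}"
    return (policy, f"{chain} policy") if policy else None

def new_tcp(dport, iface="eth0"):
    """A new inbound TCP connection attempt (eth0 is an assumed interface name)."""
    return {"iface": iface, "proto": "tcp", "dport": dport, "state": "NEW"}

def insert_first(chains, chain, spec):
    """Model 'iptables -I CHAIN <spec>': the new rule becomes rule 1."""
    chains[chain].insert(0, load(f"-A {chain} {spec}")[chain][0])
```

Under these rules a connection to port 10000 is decided by the same final REJECT as port 23, because the ACCEPT for it sits in INPUT after the jump into RH-Firewall-1-INPUT. Running `iptables -L -n -v --line-numbers` on the host shows the interface column and rule positions that this model has to assume.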


All times are GMT -5.