LinuxQuestions.org
Old 08-29-2006, 06:05 AM   #1
zmihretu
LQ Newbie
 
Registered: Aug 2006
Posts: 4

Rep: Reputation: 0
Cannot telnet into the Linux server


Hello there,
I am having difficulties telnetting into my Redhat Linux server from other machines. After hanging up on "connecting to 1.0.0.33..." for a few seconds, it completes the error message by adding "could not open connection to the host on port 23: Connection failed".

Telnetting outwards from the Linux server (e.g., to a Solaris server) works fine. Yet still, telnetting from the Linux server to itself (127.0.0.1) is not working properly. It returns with the login prompt, but on authentication it returns with a "password incorrect" message although I am certain I put in the right password.

I must admit I am a novice to Linux.

Many Thanks for your help.

Zmihretu

Last edited by zmihretu; 08-29-2006 at 06:07 AM.
 
Old 08-29-2006, 09:03 AM   #2
camorri
Senior Member
 
Registered: Nov 2002
Location: Somewhere inside 9.9 million sq. km. Canada
Distribution: Slackware 14.1
Posts: 4,851

Rep: Reputation: 432
Do you have the telnet daemon running? Do a command 'ps aux' and look through the output for telnetd.

Next I would highly recommend you install and configure OpenSSH. It should be available as an rpm for Red Hat. Telnet is totally not secure, and few, if any, use it anymore. SSH is secure, can be set up with keys for login. If you look in the Tutorial section under Networking on this board, you will find tutorials on how to set this up.

My personal preference is to install Webmin, also available through rpms, a web-based tool to configure and manage a server. It allows you to connect to a server using a standard web browser through port 10000. On the server you open your browser, and type https://localhost:10000 to connect to webmin. You can set up users, or configure as root. It provides a graphical interface, and much easier way of configuring, starting and stopping various servers. I use it to configure ssh, samba, printers and network settings on my machines. For a noob, this can help save a lot of frustration.

Hope this helps.
 
Old 08-29-2006, 09:10 AM   #3
theNbomr
LQ 5k Club
 
Registered: Aug 2005
Distribution: OpenSuse, Fedora, Redhat, Debian
Posts: 5,395
Blog Entries: 2

Rep: Reputation: 903
It sounds like you have more than one obstacle in the way, here.
The TCP connection is probably being blocked by iptables. If you post your output from 'iptables -L -n', here, we can probably identify the rule(s) that are blocking telnet traffic. Also, the telnetd daemon is probably misconfigured for your situation. If you post the contents of the telnet service config file, possibly in /etc/xinetd.d/telnet, someone here may be able to identify the changes required.
Finally, it is considered good practice these days to not use telnet. All of the functionality of telnet, and more, is provided by ssh, and is much more secure. Same goes for ftp (use sftp or scp). If the machine in question is internet-accessible, please consider disabling the telnetd and ftpd daemons. A vulnerable Linux host is a hazard to everyone that uses the net.

--- rod.
 
Old 08-30-2006, 08:22 AM   #4
zmihretu
LQ Newbie
 
Registered: Aug 2006
Posts: 4

Original Poster
Rep: Reputation: 0
Hi Rod,
I think you may be right about the "iptables" entries. Except for UDP all the rest are "0.0.0.0". I have extracted that file together with two telnet configuration files under xinetd.d.

Another snag to send the files as attachment! Is there an e-mail address to which I can send the files to? I could not find an option to include attachments from this "Quick Reply" window.

Thanks

Zelalem
 
Old 08-30-2006, 08:54 AM   #5
zmihretu
LQ Newbie
 
Registered: Aug 2006
Posts: 4

Original Poster
Rep: Reputation: 0
Hi Cliff,
"PS aux" is not returning a line containing "telnet". But, the "disable" parameter in "krb5-telnet" and "telnet" under "/etc/xinetd.d" are set to "no".

The following is the content of /etc/xinetd.d/krb5-telnet:

flags = REUSE
socket_type = stream
wait = no
user = root
log_on_failure += USERID
server = /usr/kerberos/sbin/telnetd
disable = no

The only variation in /etc/xinetd.d/telnet is the line containing "server" to:
server = /usr/sbin/in.telnet

Thanks

nick
 
Old 08-30-2006, 10:06 AM   #6
theNbomr
LQ 5k Club
 
Registered: Aug 2005
Distribution: OpenSuse, Fedora, Redhat, Debian
Posts: 5,395
Blog Entries: 2

Rep: Reputation: 903
No attachments here. This is not e-mail. Just cut and paste into the edit window. Use the 'advanced' button, which makes it possible to paste things in a 'code' box for easier viewing of plain formatted text, like this:
Code:
flags = REUSE
socket_type = stream
wait = no
user = root
log_on_failure += USERID
server = /usr/kerberos/sbin/telnetd
disable = no
I suggest disabling the kerberos encrypted version, and enabling the plain telnet version, at least to test the connectivity. If your telnet client is not kerberos enabled, maybe it is why you can't log in.

To camorri: The telnet daemon is not run directly like many other network services. It is under an umbrella daemon, xinetd. When a request for a connection on a port known to xinetd is received, xinetd dispatches the function it understands to be responsible for serving connections on that port. For port 23, the standard telnet port, it dispatches the telnet server, or else the krb-telnet server, depending on what is set up in the xinetd.d directory. That is why there is no process showing up in the output of ps -aux.

Is there a reason you can't use ssh?

--- rod.

Last edited by theNbomr; 08-30-2006 at 10:22 AM.
 
Old 08-30-2006, 10:20 AM   #7
theNbomr
LQ 5k Club
 
Registered: Aug 2005
Distribution: OpenSuse, Fedora, Redhat, Debian
Posts: 5,395
Blog Entries: 2

Rep: Reputation: 903
I guess it might be worthwhile explaining some details about how to enable/disable services launched by xinetd. You must first edit the appropriate file(s) in /etc/xinetd.d/. Then, find the PID of the xinetd daemon, with
ps -e | grep xinetd
Finally, restart the xinetd daemon, with
kill -1 PID_of_xinetd

--- rod.
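
As an added example (not part of any post in this thread, and not code from the xinetd project), the script below lists which entries in an xinetd.d directory xinetd would start, flags a service name enabled in more than one file (the state post #5 describes, with both telnet and krb5-telnet set to disable = no), and repeats the listing after one entry is disabled. The sample files are constructed: the `service telnet { }` wrapper is assumed from the usual xinetd file layout, a defaults section that overrides per-file settings is assumed absent, and `mk_sample`, `enabled_services`, `duplicates` and `disable_entry` are names made up for this example.

```shell
# Added example, not from the thread. Sample files are constructed: post #5
# shows only attribute lines, so the "service telnet { }" wrapper is assumed.
mk_sample() {                      # write the two sample files into dir $1
  cat > "$1/telnet" <<'EOF'
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnet
        log_on_failure  += USERID
        disable         = no
}
EOF
  sed 's|/usr/sbin/in.telnet|/usr/kerberos/sbin/telnetd|' "$1/telnet" > "$1/krb5-telnet"
}
# Print "service file server" for each entry xinetd would start; an entry
# is enabled unless it says "disable = yes".
enabled_services() {
  for f in "$1"/*; do
    awk -v file="${f##*/}" '
      $1 == "service"              { svc = $2; dis = "no"; srv = "-" }
      $1 == "disable" && $2 == "=" { dis = $3 }
      $1 == "server"  && $2 == "=" { srv = $3 }
      $1 == "}" && svc != ""       { if (dis != "yes") print svc, file, srv; svc = "" }
    ' "$f"
  done
}
# Service names enabled in more than one file (both would claim the same port).
duplicates() {
  enabled_services "$1" | awk '{ n[$1]++ } END { for (s in n) if (n[s] > 1) print s }'
}
# Set "disable = yes" in file $1; xinetd still needs the signal from post #7.
disable_entry() {
  sed 's/^\([[:space:]]*disable[[:space:]]*=\).*/\1 yes/' "$1" > "$1.new" && mv "$1.new" "$1"
}
d=$(mktemp -d)
mk_sample "$d"
echo "before:"; enabled_services "$d"; echo "duplicate: $(duplicates "$d")"
disable_entry "$d/krb5-telnet"
echo "after:";  enabled_services "$d"
rm -rf "$d"
```

On a real host, point `enabled_services` at /etc/xinetd.d to see every service xinetd will answer for, which is also the quickest way to confirm that telnet is off once ssh is in use.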
 
Old 08-30-2006, 12:09 PM   #8
camorri
Senior Member
 
Registered: Nov 2002
Location: Somewhere inside 9.9 million sq. km. Canada
Distribution: Slackware 14.1
Posts: 4,851

Rep: Reputation: 432
theNbomr: Thank-you for the explanation. I have always used Webmin to configure this stuff. It tends to shield you from the details. I went with ssh, so I never tried to use telnet.
 
Old 08-31-2006, 06:26 AM   #9
zmihretu
LQ Newbie
 
Registered: Aug 2006
Posts: 4

Original Poster
Rep: Reputation: 0
Thanks to both of you, SSH was already installed on the server and I have it working now, after downloading the SSH-client for the Windows platform--putty.exe. Regarding the webmin also, I have some success---It is running fine locally, but does not connect from a remote host.

I would still like to find out why the telnet is not working as a learning point on IP configuration, if not for any other purpose. Please see the output from the iptables -L -n command below:

Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

zm
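
As an added example (not part of the thread), this script walks the INPUT and RH-Firewall-1-INPUT chains from the listing above in rule order and reports the first terminal target a new inbound TCP connection to a given port would hit. It assumes that a bare `ACCEPT all` line is bound to an interface such as loopback, which `iptables -L -n` does not print without `-v`; the function name `verdict` and the `hidden=` counter are made up for this example.

```shell
# Added example, not from the thread. LISTING is the INPUT and
# RH-Firewall-1-INPUT part of the `iptables -L -n` output in post #9.
LISTING='Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited'
# verdict PORT: first terminal target hit by a NEW inbound TCP connection to
# PORT, read from stdin. Simplification: only 0.0.0.0/0 addresses match.
verdict() {
  awk -v port="$1" '
    function walk(chain,    i, n, f, j, ok, v) {
      for (i = 1; i <= cnt[chain]; i++) {
        n = split(rule[chain, i], f, " ")
        if (f[2] != "all" && f[2] != "tcp") continue
        if (f[4] != "0.0.0.0/0" || f[5] != "0.0.0.0/0") continue
        # Assumption: a bare ACCEPT is interface-bound (-L -n hides -i), so skip it
        if (n == 5 && f[1] == "ACCEPT") { hidden++; continue }
        ok = 1
        for (j = 6; j <= n; j++) {
          if (f[j] ~ /^dpt:/ && f[j] != ("dpt:" port)) ok = 0
          if (f[j] == "state" && f[j + 1] !~ /NEW/) ok = 0
        }
        if (!ok) continue
        if (!(f[1] in cnt)) return f[1]          # ACCEPT, REJECT, DROP ...
        v = walk(f[1]); if (v != "") return v    # jump into a user chain
      }
      return (chain in policy) ? policy[chain] : ""
    }
    /^Chain / { cur = $2; cnt[cur] = 0
                if ($3 == "(policy") policy[cur] = substr($4, 1, length($4) - 1); next }
    /^target/ || NF == 0 { next }
    { rule[cur, ++cnt[cur]] = $0 }
    END { v = walk("INPUT"); printf "%s hidden=%d\n", v, hidden }'
}
for p in 22 23 10000; do echo "tcp/$p: $(printf '%s\n' "$LISTING" | verdict "$p")"; done
```

For this listing, ports 23 and 10000 both end at the final REJECT in RH-Firewall-1-INPUT: the `dpt:10000` ACCEPT sits after the jump in INPUT and is never reached, so rule position matters as much as rule content. Running `iptables -L -n -v` on the host shows the interface columns and removes the need for the bare-ACCEPT assumption.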
 
Old 08-31-2006, 09:25 AM   #10
theNbomr
LQ 5k Club
 
Registered: Aug 2005
Distribution: OpenSuse, Fedora, Redhat, Debian
Posts: 5,395
Blog Entries: 2

Rep: Reputation: 903
As root, try inserting a firewall rule:
Code:
/sbin/iptables -I INPUT -p tcp -d 0.0.0.0 --dport 23 -j ACCEPT
This is a diagnostic, only. If it allows telnet to operate, then it is an exercise left for the reader to correctly modify the firewall script (possibly in /etc/init.d/iptables + /etc/sysconfig/iptables-config) to permanently add the rule. Look for the rules that open up ports 80 & 22, and add another for port 23.
In any case you should probably remove the diagnostic with
Code:
/sbin/iptables -D INPUT 1
and then let us know how things turn out.

--- rod.

Last edited by theNbomr; 08-31-2006 at 09:27 AM.
 
  

