LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 06-12-2004, 12:45 PM   #1
sunil21
LQ Newbie
 
Registered: Mar 2004
Posts: 7

Rep: Reputation: 0
telnet


When i connet two systems using telnet or gftp i get error
connection refused . I asked this question before in this forum and
the reply i got was "check your system security settings"
* my question is-- inorder to establish a connection using telnet /gftp
what should be the security options to be set at the time
of installation
 
Old 06-12-2004, 01:34 PM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 67
The first thing I'll do is refer you to:
http://wiki.linuxquestions.org/wiki/Telnet_and_SSH

This explains why we would reccomend using ssh instead of telnet if you can. You are probbaly getting connection refused messages because your firewall is blocking the requests. Take a look at the output from:
iptables -nL
 
Old 06-13-2004, 12:34 AM   #3
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 357Reputation: 357Reputation: 357Reputation: 357
Am I the only one who has used ettercap before?

SSH passwords can be sniffed just as easily as telnet passwords.
 
Old 06-13-2004, 12:46 AM   #4
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
From my understanding, that only applies to SSHv1.

Edit: In fact I just checked and yes, it only works vs. SSHv1 and only with certain ciphers being used. A full defense against Ettercap password sniffing is to set all sshd_config files to Protocol 2 (only 2, no 1!!) and all clients to Protocol 2 (no fallback to Proto 1). As long as the client and/or server refuse to connect with SSHv1, you cannot even be forced back (Ettercap will let you force a connection to v1 if it's supported by both ends, which is why you must use SSHv2 ONLY)

Last edited by chort; 06-13-2004 at 12:56 AM.
 
Old 06-13-2004, 02:02 AM   #5
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 357Reputation: 357Reputation: 357Reputation: 357
Unfortunately, most distros I have used default to SSHv1 for their server, as well as the client.

If SSH is going to be suggested over telnet, it is important to note that version 1 is just as insecure as using telnet.

If someone didn't know that there are 2 versions of SSH, and simply used what is the default configuration on their systems, they might as well write their password on a sticky note by the monitor.
 
Old 06-13-2004, 03:51 AM   #6
linuxxed
Member
 
Registered: Feb 2004
Posts: 273

Rep: Reputation: 30
oh you guys .. he asked a simple question and you started your security rant about ssh :-D.

if you really want to use telnet

1) First check if telnet is running or not. On RH this is wrapped by xinetd. Look in /etc/xinetd.d. If you've installed "workstation" then this is not installed by default. Insert CD and install the rpm.

netstat -na|grep LISTEN (look for 23 port)
or lsof -i:23

If not running then start it using "service telnet start"

2) check your /etc/hosts.allow and /etc/hosts.deny

3) Check your iptables. Allow 23 port if you've enabled firewall
 
Old 06-13-2004, 04:26 AM   #7
linuxxed
Member
 
Registered: Feb 2004
Posts: 273

Rep: Reputation: 30
Quote:
Originally posted by MS3FGX
Unfortunately, most distros I have used default to SSHv1 for their server, as well as the client.

If SSH is going to be suggested over telnet, it is important to note that version 1 is just as insecure as using telnet.

If someone didn't know that there are 2 versions of SSH, and simply used what is the default configuration on their systems, they might as well write their password on a sticky note by the monitor.

Interesting read.

http://www.hackinglinuxexposed.com/a.../20020430.html
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How do I setup telnet on Fedorac1 so I can telnet to it from winxp? mman49 Fedora 6 05-02-2004 12:40 PM
can not telnet localhost 25 but telnet dowell.exper.dynserv.com 25 exper Linux - Software 0 02-25-2004 05:13 AM
Telnet localhost and telnet IP seb77 Linux - Newbie 4 10-15-2003 03:15 PM
enable telnet but can't telnet from the computer guanyu Linux - Networking 8 08-26-2002 06:34 AM
telnet local but no-telnet via internet blacksheep Linux - Networking 7 11-26-2001 02:33 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 04:06 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration