Configure telnet correctly



mrspedag2
09-Jun-2015, 14:22
I need telnet & i know about the secure issues... :-)

I have installed the telnet-server & enabled it for xinetd in /etc/xinetd.d/telnet. The firewall is disabled while I configure telnet.
What more do I have to do? Better: how do I have to install or configure it correctly?

I am using Suse Linux Enterprise Server 12 x64.

Thx for a reply :)

malcolmlewis
09-Jun-2015, 15:05
On Tue 09 Jun 2015 01:24:02 PM CDT, mrspedag2 wrote:

> I need telnet & i know about the secure issues... :-)
>
> I have installed the telnet-server & enabled it for xinetd in
> /etc/xinetd.d/telnet. The firewall is disabled while I configure
> telnet.
> What more do I have to do? Better: how do I have to install or
> configure it correctly?
>
> I am using Suse Linux Enterprise Server 12 x64.
>
> Thx for a reply :)

Hi
Is telnet working now? If not probably start the xinetd service (SLE 12
uses systemd/systemctl). If it is running then re-enable the firewall
and then via YaST Firewall and allowed services on the drop down at the
right select the telnet server and add and save.

I would perhaps look at configuring telnet to use a non standard port
as well for additional security.

--
Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
SUSE Linux Enterprise Desktop 12 GNOME 3.10.1 Kernel 3.12.39-47-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below... Thanks!

mrspedag2
11-Jun-2015, 19:53
Hi,
xinetd is running. I am still not able to connect via Telnet: ... connection refused. The firewall is still disabled. I don't know what more I can do, or where :(

ab
11-Jun-2015, 20:09
While we're waiting for the smart people to return to help you a bit more,
what is the purpose of this service on a nice, new, otherwise-secure
system? I'm really curious what could cause somebody to voluntarily use
telnet in 2015.

Also, do you have your xinetd configuration file for this thing? Seeing that may
be interesting.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...

malcolmlewis
11-Jun-2015, 22:57
On Thu 11 Jun 2015 06:54:01 PM CDT, mrspedag2 wrote:

> Hi,
> xinetd is running. I am still not able to connect via Telnet: ...
> connection refused. The firewall is still disabled. I don't know what
> more I can do, or where :(

Hi
In the /etc/xinetd.d/telnet file you need to set the line disable = no
and restart the xinetd service.

By the looks you also need to configure the Kerberos realm...


mrspedag2
12-Jun-2015, 09:41
Hi Malcolm,

I have installed the kerberos services; same message: the remote system has refused the connection.
/etc/xinetd.d/telnet:
service telnet
{
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/in.telnetd
disable = no
}

Meanwhile I tried ssh2: when I try to connect via ssh2 with a user, the following message is shown:

The server has disconnected with an error. Server message reads:
A protocol error occurred. Change of username or service not allowed: (root,ssh-connection) -> (scm.adm,ssh-connection).

It's all so confusing to me... :confused:

malcolmlewis
12-Jun-2015, 12:37
On Fri 12 Jun 2015 08:44:01 AM CDT, mrspedag2 wrote:

> Hi Malcolm,
>
> I have installed the kerberos services; same message: the remote system
> has refused the connection.
> /etc/xinetd.d/telnet:
> service telnet
> {
> socket_type = stream
> protocol = tcp
> wait = no
> user = root
> server = /usr/sbin/in.telnetd
> disable = no
> }
>
> Meanwhile I tried ssh2: when I try to connect via ssh2 with a user, the
> following message is shown:
>
> The server has disconnected with an error. Server message reads:
> A protocol error occurred. Change of username or service not allowed:
> (root,ssh-connection) -> (scm.adm,ssh-connection).
>
> It's all so confusing to me... :confused:

Hi
Strange indeed, sure you don't have a misconfigured hosts file or DNS
setting sending you to the wrong machine?

Maybe run ssh and wind up the verbosity when you connect...


ssh -vv user@target



jmozdzen
12-Jun-2015, 15:23
Hi mrspedag2,

> Don't know, what & where can I do more :(

Look at the logs - you should see a hint of telnetd, reported by xinetd once it receives the connection...

Regards,
Jens

mrspedag2
15-Jun-2015, 09:19
Hi,

I didn't give up... :)

Solution for the ssh connect:
I have created a user group with the permission to use ssh. I added the required users to this group, and they may connect via ssh, now.
Ok, I could stop from this point, now. But unresolved problems are painful, aren't they?

I tried using telnet:
mrbscm02:~ # telnet localhost
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
mrbscm02:~ #

I want to solve it.... :mad:

mikewillis
15-Jun-2015, 09:41
> Hi,
>
> I didn't give up... :)
>
> Solution for the ssh connect:
> I have created a user group with the permission to use ssh. I added the required users to this group, and they may connect via ssh, now.
> Ok, I could stop from this point, now. But unresolved problems are painful, aren't they?
>
> I tried using telnet:
> mrbscm02:~ # telnet localhost
> Trying ::1...
> telnet: connect to address ::1: Connection refused
> Trying 127.0.0.1...
> telnet: connect to address 127.0.0.1: Connection refused
> mrbscm02:~ #
>
> I want to solve it.... :mad:

Your original post stated " I need telnet & i know about the secure issues... :-)" but you're now saying that you have set up ssh and "could stop from this point, now". Which suggests you don't actually need telnet at all. Do you really need telnet or can you use ssh instead? If you are able to use ssh instead of telnet then forget about telnet.

mrspedag2
15-Jun-2015, 10:27
Yeah, I can forget telnet... but I can't forget that I am not able to configure it right. For production purposes ssh is active now. I don't know: is it too simple to forget it? :)

malcolmlewis
15-Jun-2015, 15:27
Hi
You're using IPv6? Something is for sure mis-configured, it should work on localhost OTB. I would suggest a review of all the other things you have performed on the system to ensure all other services etc are functioning as expected. But carry on using ssh, far better solution, plus you can use sftp/scp if files need copying.

dpartrid
21-Oct-2015, 23:09
It sounds to me like you've done enough for a typical system.

On my own SLES 12 test system, I simply went into yast2 --> network services --> network services (xinetd) --> made sure xinetd was enabled, then toggled on telnet. That caused telnet-server to be installed and enabled xinetd for it. Then I clicked finish.

After that, I could telnet to my machine.

This machine runs no firewall or apparmor or anything else to get in the way.

Now... I'm going back to remove it, because I don't want telnet present. :)
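
Added example, not posted by any participant in this thread: a shell check for the two things the thread keeps returning to, whether the xinetd stanza actually enables telnet and whether anything is listening on port 23 (useful both when troubleshooting "Connection refused" and when confirming telnet has been removed). The function names `xinetd_attr`, `xinetd_state`, `listeners_on` and the `CONF` variable are assumptions of this example, and the embedded stanza is a constructed copy of the one posted above.

```shell
#!/bin/sh
# Print the value of KEY from the { ... } stanza in FILE ("key = value" lines).
xinetd_attr() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                  # skip comment lines
        /[{]/ { inside = 1; next }
        /[}]/ { inside = 0 }
        inside && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", k)             # key without padding
            gsub(/^[ \t]+|[ \t]+$/, "", v)   # value trimmed
            if (k == key) { print v; exit }
        }' "$1"
}

# Map the "disable" attribute to enabled / disabled / unset.
xinetd_state() {
    case "$(xinetd_attr "$1" disable)" in
        no)  echo enabled ;;
        yes) echo disabled ;;
        *)   echo unset ;;
    esac
}

# List local TCP listeners on PORT; no output matches "Connection refused".
listeners_on() {
    command -v ss >/dev/null 2>&1 || { echo "ss not available"; return 0; }
    ss -ltn | awk -v p=":$1" 'NR > 1 && $4 ~ (p "$") { print $4 }'
}

# Constructed sample so the script runs offline; on a real host run it with
# CONF=/etc/xinetd.d/telnet (assumed variable name).
CONF=${CONF:-$(mktemp)}
[ -s "$CONF" ] || cat > "$CONF" <<'EOF'
service telnet
{
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = root
    server      = /usr/sbin/in.telnetd
    disable     = no
}
EOF
echo "disable=$(xinetd_attr "$CONF" disable) -> $(xinetd_state "$CONF")"
server=$(xinetd_attr "$CONF" server)
[ -x "$server" ] && echo "server present: $server" || echo "server missing: $server"
echo "listeners on 23: $(listeners_on 23)"
```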