Why can't Telnet connect to the tcp server? (The tcp server has been started)
Report: telnet: could not resolve localhost:18001/telnet: Temporary failure in name resolution
殘留の回憶2019-03-08 18:53:22
The telnet command is usually used for remote login. The telnet program is a remote login client program based on the TELNET protocol. The Telnet protocol is a member of the TCP/IP protocol suite and is the standard protocol and main method for Internet remote login services. It provides users with the ability to complete remote host work on their local computer.
Syntax
telnet [-8acdEfFKLrx][-b<host alias>][-e<escape character>][-k<realm>][-l<user name>][-n<trace file>][-S<type of service>][-X<authentication type>][host name or IP address <port>]
Parameters
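-8 Allow 8-bit character data, for both input and output
-a Attempt automatic login to the remote system
-b<host alias> Use an alias to specify the remote host name
-c Do not read the .telnetrc file in the user's home directory
-d Enable debug mode
-e<escape character> Set the escape character
-E Filter out the escape character
-F When using Kerberos V5 authentication, forward the local host's authentication data to the remote host
-f Same effect as the "-F" option
-k<realm> When using Kerberos authentication, make the remote host use the specified realm name instead of that host's domain name
-K Do not log in to the remote host automatically
-l<user name> Specify the user name to log in with on the remote host
-L Allow 8-bit character data on output
-n<trace file> Record related information in the specified file
-r Use a user interface similar to the rlogin command
-S<type of service> Set the IP TOS information for the telnet connection
-x Use data encryption if the host supports it
-X<authentication type> Disable the specified authentication type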
Usage examples
Example 1: The remote server cannot be accessed
[root@linuxprobe ~]# telnet 192.168.120.209
Trying 192.168.120.209...
telnet: connect to address 192.168.120.209: No route to host
telnet: Unable to connect to remote host: No route to host
Methods to handle this situation:
(1) Confirm whether the IP address is correct
(2) Confirm whether the machine at that IP address has been powered on
(3) If the host has been started, confirm whether the routing settings are set correctly (use the route command to check)
(4) If the host has started, confirm whether the telnet service is enabled on the host (use the netstat command to check whether there is a LISTEN status line on TCP port 23)
(5) If the host has started the telnet service, confirm whether the firewall allows access to port 23 (use iptables-save to check)
Example 2: The domain name cannot be resolved
[root@linuxprobe ~]# telnet www.baidu.com
www.baidu.com/telnet: Temporary failure in name resolution
How to deal with this situation:
(1) Confirm whether the domain name is correct
(2) Confirm whether the local domain name resolution related settings are correct (whether the nameserver configuration in /etc/resolv.conf is correct, if not, you can use nameserver 8.8.8.8)
(3) Confirm whether the firewall allows access to UDP port 53 (DNS uses the UDP protocol on port 53; use iptables-save to view)
Example 3: Access denied
[root@linuxprobe ~]# telnet 192.168.120.206
Trying 192.168.120.206...
telnet: connect to address 192.168.120.206: Connection refused
telnet: Unable to connect to remote host: Connection refused
Method to handle this situation:
(1) Confirm whether the IP address or host name is correct
(2) Confirm whether the port is correct and whether the default port is 23
To check whether a certain port of 192.168.120.206 can be accessed, such as port 443, you can use the following command:
[root@linuxprobe ~]# telnet 192.168.120.206 443
Trying 192.168.120.206...
telnet: connect to address 192.168.120.206: Connection refused
Description: This means that port 443 of 192.168.120.206 cannot be accessed
Example 4: Telnet root user login
[root@linuxprobe ~]# telnet 192.168.120.204
Trying 192.168.120.204...
Connected to 192.168.120.204 (192.168.120.204).
Escape character is '^]'.

localhost (Linux release 2.6.18-274.18.1.el5 #1 SMP Thu Feb 9 12:45:44 EST 2012) (1)

login: root
Password:
Login incorrect
Description: Root is normally not allowed to log in remotely. You can log in with a normal account first and then use su - to switch to the root user. To allow the root user to log in, the following methods can be used:
[root@linuxprobe ~]# vi /etc/pam.d/login
#auth required pam_securetty.so    # comment out this line!
or
[root@linuxprobe ~]# mv /etc/securetty /etc/securetty.bak
Example 5: Enable telnet service
[root@linuxprobe ~]# cd /etc/xinetd.d/
[root@linuxprobe xinetd.d]# ll
总计 124
-rw-r--r-- 1 root root 1157 2011-05-31 chargen-dgram
-rw-r--r-- 1 root root 1159 2011-05-31 chargen-stream
-rw-r--r-- 1 root root 523 2009-09-04 cvs
-rw-r--r-- 1 root root 1157 2011-05-31 daytime-dgram
-rw-r--r-- 1 root root 1159 2011-05-31 daytime-stream
-rw-r--r-- 1 root root 1157 2011-05-31 discard-dgram
-rw-r--r-- 1 root root 1159 2011-05-31 discard-stream
-rw-r--r-- 1 root root 1148 2011-05-31 echo-dgram
-rw-r--r-- 1 root root 1150 2011-05-31 echo-stream
-rw-r--r-- 1 root root 323 2004-09-09 eklogin
-rw-r--r-- 1 root root 347 2005-09-06 ekrb5-telnet
-rw-r--r-- 1 root root 326 2004-09-09 gssftp
-rw-r--r-- 1 root root 310 2004-09-09 klogin
-rw-r--r-- 1 root root 323 2004-09-09 krb5-telnet
-rw-r--r-- 1 root root 308 2004-09-09 kshell
-rw-r--r-- 1 root root 317 2004-09-09 rsync
-rw-r--r-- 1 root root 1212 2011-05-31 tcpmux-server
-rw-r--r-- 1 root root 1149 2011-05-31 time-dgram
-rw-r--r-- 1 root root 1150 2011-05-31 time-stream
[root@linuxprobe xinetd.d]# cat krb5-telnet
# default: off
# description: The kerberized telnet server accepts normal telnet sessions, \
#              but can also use Kerberos 5 authentication.
service telnet
{
    flags = REUSE
    socket_type = stream
    wait = no
    user = root
    server = /usr/kerberos/sbin/telnetd
    log_on_failure += USERID
    disable = yes
}
The configuration parameters are usually as follows:
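service telnet
{
    disable = no                    # enabled
    flags = REUSE                   # the socket can be reused
    socket_type = stream            # the connection type is TCP
    wait = no                       # start a process for each request
    user = root                     # the service is started as root
    server = /usr/sbin/in.telnetd   # the program to launch
    log_on_failure += USERID        # record the login user name when a login fails
}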
If you want to configure the list of clients that are allowed to log in, add
only_from = 192.168.0.2 #Only allow 192.168.0.2 to log in
If you want to configure the list of clients that are prohibited from logging in, add
no_access = 192.168.0.{2,3,4} #Prohibit 192.168.0.2, 192.168.0.3, 192.168.0.4 login
If you want to set the opening period, add
access_times = 9:00-12:00 13:00-17:00 # The service is open only during these two periods every day (our working hours :P)
If you have two IP addresses, one a private network IP address such as 192.168.0.2 and the other a public network IP address such as 218.75.74.83, and you want users to log in to the telnet service only from the private network, then add
bind = 192.168.0.2
For the specific meaning and syntax of each configuration item, please refer to the xinetd configuration file attribute description (man xinetd.conf).
Configure the port and modify the services file:
# vi /etc/services
Find the following two lines:
telnet 23/tcp
telnet 23/udp
If there is a # character in front of them, remove it. The default port of telnet is 23. This port is also the main target of hacker port scanning, so it is best to change it. The change is very simple: replace the number 23 with a larger number, such as 61123. Note that port numbers below 1024 are reserved, so it is best not to use them. Also be careful not to conflict with the ports of other services.
Start the service: service xinetd restart
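
Added example, not part of the original answer: a Python probe that sorts one connection attempt into the cases of Examples 1 to 3 (name resolution failure, no route, refused). It also accepts the host:port form seen in the question's error message, which telnet hands to the resolver as a single host name. The names split_target, probe and CAUSES and the sample targets are assumptions made for this example.

```python
import errno
import socket

# errno values behind the telnet failures in Examples 1 and 3 above.
CAUSES = {
    errno.EHOSTUNREACH: "no-route",    # "No route to host"
    errno.ENETUNREACH: "no-route",
    errno.ECONNREFUSED: "refused",     # "Connection refused"
}

def split_target(target, default_port=23):
    """Return (host, port) from 'host', 'host port' or 'host:port'.

    telnet expects the port as a separate argument; given 'host:port' it
    passes the whole string to the resolver, which is how a name such as
    'localhost:18001' ends in "Temporary failure in name resolution".
    """
    fields = target.split()
    if len(fields) == 2:
        return fields[0], int(fields[1])
    if target.count(":") == 1:              # one colon: not an IPv6 literal
        host, port = target.split(":")
        return host, int(port)
    return target, default_port

def probe(target, timeout=3.0, resolve=socket.getaddrinfo):
    """Try one TCP connection and return (status, detail)."""
    host, port = split_target(target)
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:          # Example 2: resolver problem
        return "resolve-failed", f"{host}: {exc}"
    family, kind, proto, _, addr = infos[0]
    with socket.socket(family, kind, proto) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect(addr)
        except socket.timeout:              # dropped silently, e.g. by a firewall
            return "timeout", f"{host}:{port} did not answer in {timeout}s"
        except OSError as exc:
            return CAUSES.get(exc.errno, "error"), f"{host}:{port}: {exc.strerror}"
    return "open", f"{host}:{port} accepts TCP connections"

if __name__ == "__main__":
    # Constructed targets: the question's host:port form and a reserved name.
    for target in ("localhost:18001", "no-such-host.invalid 23"):
        print(target, "->", probe(target))
```

A "refused" result means the host answered and nothing is listening on that port, while "no-route" and "timeout" point at routing or firewall rules, which is the order of checks the answer walks through.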
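
Added example, not from the original answer or from the xinetd project: a Python check that reads a service block like the ones in Example 5 and lists which of the restrictions described there (only_from, bind, access_times) are missing while the service is enabled. The names parse_service, audit and SAMPLE are assumptions, and the sample configuration is constructed from the attributes shown in the answer.

```python
import re

def parse_service(text):
    """Return (name, {attribute: value}) for the first xinetd service block.

    The block is read line by line and ends at a line holding only '}', so
    braces inside a value such as 192.168.0.{2,3,4} do not end it early.
    """
    name, attrs, inside = None, {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        if not inside and line.startswith("service"):
            name = line.split()[1]
        elif line == "{":
            inside = True
        elif line == "}":
            break
        elif inside and "=" in line:
            key, value = re.split(r"\s*[+-]?=\s*", line, maxsplit=1)
            attrs[key] = value
    return name, attrs

def audit(text):
    """List what leaves the service more reachable than it needs to be."""
    name, attrs = parse_service(text)
    if attrs.get("disable", "no") == "yes":
        return []                                  # xinetd will not start it
    findings = [f"{name} is enabled"]
    for attr, risk in (("only_from", "any client address may connect"),
                       ("bind", "listens on every local address"),
                       ("access_times", "reachable at any hour")):
        if attr not in attrs:
            findings.append(f"no {attr}: {risk}")
    return findings

# Constructed sample built from the attributes shown in the answer.
SAMPLE = """
service telnet
{
    disable      = no
    server       = /usr/sbin/in.telnetd
    no_access    = 192.168.0.{2,3,4}
    bind         = 192.168.0.2
}
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```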