
Legacy Telnet and FTP Servers

This document describes how to configure Linux systems to host Telnet and FTP servers. However, Telnet and FTP are considered highly insecure methods for communicating and sharing data over networks. In short, login passwords are sent unencrypted, so users can steal them as they are being transmitted to and from hosts, compromising security. These services should only be used in the most secure environments. In response to these security concerns, SSH (Secure Shell) has been in place for years, adding 128-bit encryption and increased ease of use. It is highly recommended that you use an SSH-based server/client environment rather than risk using these legacy products.

Discussed In This Document
Server Details
Telnet Server
  • The legacy "port 23" service for remote logins
VS FTP Server
  • A legacy "port 21" file transfer protocol server
GSS FTP Server
  • An alternate legacy "port 21" file transfer protocol server

A Note about FTP and Telnet Clients

If you are looking to Telnet or FTP to ANOTHER system, you do not need to configure your own system's FTP or Telnet services; simply use a Telnet or FTP client to connect to the remote system. In Linux, you can use the telnet or ftp command. You can also install a client such as gFTP or PuTTY to accomplish this.

Telnet Server

Telnet-Server (insecure)

There is almost no good reason to have the telnet-server or ftpd services running on a Linux (or Unix) box. These tasks can be handled more easily with the built-in sshd server, which only needs to be started (service sshd start, or use the GUI) and does not need to be configured. Telnet and FTP introduce huge security risks which have led to thousands of compromises. In the rare case that one of them is needed, directions are listed below.

Part I - Terminal Session

  1. Install the "telnet-server" package from the software repository using the command line or the graphical utility (pick a method to install)
  2. Right-click on the desktop and choose "Open Terminal", or locate it in the start menu
  3. Switch to the administrator account
    Use the "su -" command to become the administrator account, which is called "root" on Unix systems
  4. Edit the telnet configuration file and change disable = yes to disable = no
    gedit /etc/xinetd.d/telnet


    Example: telnet file (change disable = yes to disable = no)

    # description: The telnet server serves telnet sessions; it uses \
    # unencrypted username/password pairs for authentication.

    service telnet
    {
    flags = REUSE
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/in.telnetd
    log_on_failure += USERID
    disable = no
    }
  5. Restart the xinetd service
    Example using Red Hat:
    # service xinetd restart
    Stopping xinetd: [ OK ]
    Starting xinetd: [ OK ]
  6. Try to telnet to the localhost at the command prompt
    # telnet localhost
    Trying 127.0.0.1...
    Connected to localhost.localdomain (127.0.0.1).
    Escape character is '^]'.
    Red Hat Enterprise Linux WS release 4 (Nahant Update 4)
    Kernel 2.6.9-42.ELsmp on an x86_64
    login: quickm
    Password: *******
    Last login: Wed Jan 3 12:22:54 from wecm-9-67-102-241.wecm.ibm.com
  7. Then try to telnet to the machine from another host
    Note: if this fails, the firewall on your host may be the culprit (try shutting it down for testing with: service iptables stop)
    [root@exceed ~]# telnet evil
    Trying 9.62.16.61...
    Connected to evil.
    Escape character is '^]'.
    Red Hat Enterprise Linux WS release 4 (Nahant Update 4)
    Kernel 2.6.9-42.ELsmp on an x86_64
    login: quickm
    Password: *****
    Last login: Fri Jan 5 14:09:31 from localhost
  8. Make telnet service start on boot with chkconfig
    chkconfig --level 35 xinetd on

Some of these commands and configurations will be different depending on your Operating System. The examples here came largely from a RHEL4/5 based system running Open Client.
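
After editing files under /etc/xinetd.d, it is useful to confirm which services are actually left enabled. The following is an added example, not part of the original article: it parses an xinetd service file and prints each service block that is not disabled. The sample files are constructed, the ftpd path is a placeholder, and treating a block with no disable line as enabled is an assumption.

```shell
#!/bin/sh
# Added example: report xinetd service blocks that are enabled.
# Assumption: a block with no "disable" line is treated as enabled.

# Print "<service> <server>" for every enabled service block in file $1.
xinetd_enabled() {
    awk '
        /^[ \t]*#/      { next }                  # ignore comment lines
        $1 == "service" { name = $2; off = "no"; server = "-"; next }
        name != "" && index($0, "=") {
            line = $0
            gsub(/[ \t]/, "", line)               # "disable = no" -> "disable=no"
            eq  = index(line, "=")
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            if (key == "disable") off = tolower(val)
            if (key == "server")  server = val
        }
        name != "" && $1 == "}" {
            if (off != "yes") print name, server
            name = ""
        }
    ' "$1"
}

# Constructed sample files in a scratch directory (not real system files).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/telnet" <<'EOF'
# description: The telnet server serves telnet sessions
service telnet
{
    user = root
    server = /usr/sbin/in.telnetd
    log_on_failure += USERID
    disable = no
}
EOF
cat > "$SAMPLE_DIR/ftp" <<'EOF'
service ftp
{
    server = /path/to/ftpd
    disable=yes
}
EOF

# Lists only the telnet block, because the ftp block is disabled.
for f in "$SAMPLE_DIR"/*; do xinetd_enabled "$f"; done
```

On a real host, point the function at each file in /etc/xinetd.d; any telnet or ftp line in the output is a cleartext login service that is still exposed.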
