This tutorial explains how to configure a Telnet server and client in RedHat Linux / CentOS step by step, with examples covering installation and firewall configuration.
Telnet is an application layer protocol that provides bidirectional, interactive, text-based communication. It works in server/client mode: the Telnet server application is installed on the main computer, and all other computers connect to it using a Telnet client application.
For demonstration purposes I will use the following RHCE lab, which is set up specifically for practicing RHCE exam objectives. To learn more about how to set up the RHCE practice lab, see the following tutorial.
I will install the Telnet server on the Server system and the Telnet client on the remaining systems.
This tutorial is prepared for CentOS/RHEL 7.0 (or higher). To learn how to configure a Telnet server in RedHat 6.0 (or lower), please see this tutorial: Configure Telnet Server in RedHat Linux 6
Configure Telnet Server in CentOS / RedHat Linux
By default, RHEL does not install the Telnet server in a standard installation. To find out whether the Telnet server is installed, we can use the following rpm query command.
rpm -qa telnet-server
If the above command does not return any output, telnet-server is not installed.
We can install the telnet server with either of two commands: yum or rpm. To install the telnet server with yum, use the following:
yum install telnet-server
The yum command depends on a repository. If the system is connected to a repository, the above command will install the Telnet server. If the system is not connected to any repository, the above command will not work.
Alternatively, if we have the RHEL installation disk (or a local copy of the Packages directory from the RHEL installation disk), we can use the rpm command to install the Telnet server. The Packages directory on the RHEL installation media contains all RPMs. To install the telnet server with rpm, use the following:
rpm -ivh telnet-server-[version number]
We can use the shell's auto-complete feature to fill in the version number automatically. To use it, type the following command and press the Tab key.
rpm -ivh telnet-server-
To verify the installation we can use rpm query command again.
Following figure illustrates telnet-server rpm query, installation and verification process.
Once telnet-server rpm is installed we can start the telnet service with following command.
systemctl start telnet.socket
To verify the status use following command
systemctl status telnet.socket
This starts the Telnet service for the current session only. To enable it permanently, so that it starts at boot, use the following command:
systemctl enable telnet.socket
Configure Telnet Client in CentOS / RedHat Linux
Just like Telnet Server, Telnet client is not installed by default. If we execute the telnet command without installing telnet rpm, shell will throw the following error:-
-bash: /bin/telnet: No such file or directory
To install telnet rpm from yum command, use following :-
yum install telnet
To install the telnet rpm with the rpm command, use the following:
rpm -ivh telnet-[version number]
The following figure illustrates the query, installation and verification operations on the second system (named ipa) from the lab.
Let's install the telnet client on the third system (named client) by following the same process.
How to install Telnet client on Windows
Unlike Linux, we do not need to install the Telnet client separately on a Windows system. The Telnet Server and Telnet Client applications are part of the standard Windows installation, but they are not activated by default. If we run the telnet command before activating the Telnet client, we get the following error:
'telnet' is not recognized as an internal or external command, operable program or batch file.
To enable the Telnet client, open Control Panel, click Programs, and then click Turn Windows features on or off.
In the window that opens, check Telnet Client and click OK. In a few minutes the Telnet client will be activated.
So far we have installed Telnet server in server computer and Telnet client in remaining computers. We have also enabled necessary services. With this setup client computers should be able to connect with server computer via telnet protocol.
Let’s try to connect with server from all three computers one by one
As the output indicates, we are unable to access the telnet server from any of the three telnet client computers. So what went wrong? We have installed the necessary packages and enabled the necessary services, so what is blocking telnet traffic?
Yes, you guessed right: it is the firewall that is blocking telnet traffic.
In a standard network implementation, all services are protected by a firewall. To view the status of the firewall, use the following command:
systemctl status firewalld
As the above figure illustrates, the firewall is running on the server. We must tell the firewall which client computers are allowed to access the telnet service. Let's allow one computer (named client) to access the telnet server. Use the following command to add an allow rule to the firewall for the client computer.
firewall-cmd --add-rich-rule 'rule family="ipv4" source address="192.168.1.100/32" service name="telnet" log prefix="Telnet Access Allowed" level="info" accept' --permanent
If rule is successfully added, shell prompt will return with a Success message.
To add new rule in existing rules chain we have to reload the firewall. Next command will reload the firewall
If firewall is reloaded successfully, shell prompt will return with a Success message.
To verify that our rule is successfully added we can use following command.
Following figure illustrates above process step by step.
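The steps above as one sequence, in an added example that is not from the original tutorial: it builds the same rich rule for any single IPv4 host, then reloads with firewall-cmd --reload and checks with firewall-cmd --list-rich-rules. The function names, the DRY_RUN switch and the 192.168.1.101 address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: allow one more host to reach telnet, reload, then verify.
# DRY_RUN=1 prints the firewall-cmd calls instead of running them.

# Accept only a dotted-quad IPv4 host address with every octet in 0-255.
# The body runs in a subshell so the IFS change does not leak to the caller.
valid_ipv4() (
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
)

# Build the tutorial's rich rule for a single /32 source address.
telnet_rich_rule() {
    valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 1; }
    printf 'rule family="ipv4" source address="%s/32" service name="telnet" log prefix="Telnet Access Allowed" level="info" accept\n' "$1"
}

# Add the rule permanently, load it into the running firewall, list the result.
allow_telnet_from() {
    rule=$(telnet_rich_rule "$1") || return 1
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf "firewall-cmd --permanent --add-rich-rule='%s'\n" "$rule"
        printf '%s\n' 'firewall-cmd --reload' 'firewall-cmd --list-rich-rules'
        return 0
    fi
    firewall-cmd --permanent --add-rich-rule="$rule" &&
    firewall-cmd --reload &&
    firewall-cmd --list-rich-rules
}

# Usage (192.168.1.101 is a placeholder for another lab machine):
#   DRY_RUN=1 allow_telnet_from 192.168.1.101
```

Rejecting anything that is not a plain host address keeps a typo such as a /0 suffix from turning a single-host rule into a rule for every source.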
Let’s try again from client computer. This time we should be able to connect with telnet server. We can use any normal account (created on server computer) to login.
The root account is not allowed to log in through the telnet service. So if you are unable to log in with the root account, it is not an error; it is a security feature.
If we try to access the telnet server from the remaining two computers (ipa and win) at this point, we will get the same error, because we have allowed only one computer (client) to access the server.
Okay let’s allow one more computer (named-win) to access the telnet server.
Test the setup from second computer (named-win)
Notice we haven’t allowed the third computer (named-ipa) so far. For a successful implementation it should not be able to access the server computer. Let’s try again to connect with telnet server from this computer.
As the output shows, we are still unable to connect to the server from this computer, while at this moment we are able to connect to the server from the remaining two client computers (named client & win). This way we can control which computers on the network are allowed to access the telnet server.
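Because the allow rule logs every accepted connection with the prefix "Telnet Access Allowed", the kernel log can confirm that only the intended machines are getting through. The following is an added example, not part of the original tutorial; the log lines are constructed samples in the netfilter LOG format, and the addresses other than 192.168.1.100 and the function names are assumptions.

```shell
#!/bin/sh
# Added example: count telnet connections accepted by the rich rule, per
# source address, and flag any source that is not on the expected list.

# Constructed sample of kernel log lines (the prefix is fused with "IN=").
sample_log() {
cat <<'EOF'
Mar  3 10:01:12 server kernel: Telnet Access AllowedIN=eth0 OUT= SRC=192.168.1.100 DST=192.168.1.1 LEN=60 PROTO=TCP SPT=40112 DPT=23 SYN
Mar  3 10:04:40 server kernel: Telnet Access AllowedIN=eth0 OUT= SRC=192.168.1.101 DST=192.168.1.1 LEN=52 PROTO=TCP SPT=49731 DPT=23 SYN
Mar  3 10:09:05 server sshd[2210]: Accepted password for user1 from 192.168.1.100 port 51000 ssh2
Mar  3 10:15:27 server kernel: Telnet Access AllowedIN=eth0 OUT= SRC=192.168.1.100 DST=192.168.1.1 LEN=60 PROTO=TCP SPT=40390 DPT=23 SYN
Mar  3 11:30:02 server kernel: Telnet Access AllowedIN=eth0 OUT= SRC=192.168.1.55 DST=192.168.1.1 LEN=60 PROTO=TCP SPT=51877 DPT=23 SYN
EOF
}

# Reads log lines on stdin; $1 is a space-separated list of expected sources.
# Prints one line per source: "<count> <address> expected|UNEXPECTED".
audit_telnet_log() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /Telnet Access Allowed/ {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src != "" && dpt == "23") hits[src]++
        }
        END {
            for (s in hits)
                printf "%d %s %s\n", hits[s], s, ((s in ok) ? "expected" : "UNEXPECTED")
        }' | LC_ALL=C sort -k2,2
}

# Usage with the sample data:
#   sample_log | audit_telnet_log "192.168.1.100 192.168.1.101"
```

On the server, pipe the output of journalctl -k into audit_telnet_log instead of sample_log; an UNEXPECTED source means an allow rule exists for an address that is not on your list.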
Telnet is the most insecure way to connect to a remote computer. It does not encrypt data, and it sends the username and password in clear text. Anyone who has access to the network can capture login credentials with a sniffer tool. Telnet was originally developed for private networks, and it should be used only on a private network where outside computers are not allowed to connect. Telnet should never be used on a public network under any circumstances.