Telnet is generally not installed on new systems because it is an insecure
protocol that authenticates in clear text. The following commands install a
Telnet daemon on a Debian-based system:
apt-get install telnetd
apt-get install xinetd
For older systems that use inetd, you can uncomment the line in the inetd.conf
configuration file for the telnet protocol (in.telnetd). If your system uses
the xinetd wrapper, you must create a telnet file in the xinetd.d directory
specifying certain parameters.
--------------------------------------------------------------------------------
Using xinetd TCP wrapper system:
#/etc/xinetd.d/telnetd
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = yes
}
--------------------------------------------------------------------------------
Ubuntu
apt-get install telnetd
#/etc/inetd.conf
echo "telnet stream tcp nowait telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd" | xconv.pl
service telnet
{
socket_type = stream
protocol = tcp
wait = no
user = telnetd
server = /usr/sbin/in.telnetd
}
--------------------------------------------------------------------------------
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
no_access = 10.0.1.0/24
log_on_success += PID HOST EXIT
access_times = 09:45-16:15
}
--------------------------------------------------------------------------------
Forward Telnet Session To Alternate Host or NIC
Use bind and redirect to redirect the connection to another NIC or system:
service telnet
{
socket_type = stream
wait = no
server = /usr/sbin/in.telnetd
log_on_success += DURATION USERID
log_on_failure += USERID
bind = 123.123.123.123
redirect = 10.0.1.13 23
}
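A defender-side check for stanzas like the ones above, as an added Python example that is not part of the original notes. It parses xinetd service stanzas and reports how each enabled telnet entry is exposed. The sample text is constructed, and only_from is xinetd's allow-list attribute, which the stanzas above do not use.

```python
import re

# Constructed sample modelled on the stanzas above (not read from a real host).
SAMPLE = """\
service telnet
{
    disable         = no
    log_on_failure  += USERID
    no_access       = 10.0.1.0/24
    access_times    = 09:45-16:15
}
service telnet
{
    bind            = 123.123.123.123
    redirect        = 10.0.1.13 23
}
"""

def parse_xinetd(text):
    """Return [(service_name, {attribute: [values]})] for each stanza."""
    stanzas, name, attrs = [], None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        head = re.fullmatch(r"service\s+(\S+)", line)
        item = re.fullmatch(r"(\w+)\s*\+?=\s*(.*)", line)
        if head:
            name, attrs = head.group(1), {}
        elif line == "}" and attrs is not None:
            stanzas.append((name, attrs))
            name, attrs = None, None
        elif item and attrs is not None:
            # "=" and "+=" both accumulate values; "-=" lines are ignored here
            attrs.setdefault(item.group(1), []).extend(item.group(2).split())
    return stanzas

def audit_telnet(text):
    """Describe the exposure of every telnet stanza that is not disabled."""
    findings = []
    for idx, (name, a) in enumerate(parse_xinetd(text), 1):
        if name != "telnet" or a.get("disable") == ["yes"]:
            continue  # a stanza without "disable = yes" counts as enabled
        findings.append(f"stanza {idx}: telnet enabled, logins cross the network in clear text")
        if "only_from" not in a:
            findings.append(f"stanza {idx}: no only_from allow-list")
        if "bind" not in a:
            findings.append(f"stanza {idx}: no bind, listens on every interface")
        if len(a.get("redirect", [])) == 2:
            findings.append(f"stanza {idx}: forwards to {a['redirect'][0]}:{a['redirect'][1]}")
    return findings
```

Calling audit_telnet() on the contents of each file under /etc/xinetd.d gives a quick inventory of where Telnet is still reachable. A no_access entry alone does not count as an allow-list, since every address it does not name is still accepted.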
--------------------------------------------------------------------------------
Converting inetd.conf To xinetd.conf and/or xinetd Files
http://archiv.debianhowto.de/en/xinetd/c_xinetd.html
At this point the xinetd configuration matches /etc/inetd.conf. A problem
arises, however, when packages are installed or removed whose services are
started by the super daemon. In that case dpkg, the Debian package manager,
runs a script called update-inetd. As the name suggests, it only updates entries
in /etc/inetd.conf, not in /etc/xinetd.conf.
Two ways are offered to update the xinetd configuration file easily after
installing or removing packages that only update the inetd configuration file.
Both are described in /usr/share/doc/xinetd/README.update-inetd, which is worth
reading.
Script: itox
A service configuration for inetd is one line. The script itox converts this one line from STDIN (standard input) to xinetd syntax and returns it on STDOUT (standard output). The result can easily be added to /etc/xinetd.conf.
There is one difference: if the service is to be started through a TCP wrapper (using the limits in /etc/hosts.allow and /etc/hosts.deny), the script is called slightly differently.
echo "smtp stream tcp nowait mail /usr/sbin/exim exim -bs" | itox
Script: xconv.pl
The script xconv.pl takes a different approach from itox. It reads the whole inetd configuration file from STDIN and returns an xinetd-style configuration on STDOUT. It is possible to feed in the whole configuration file and replace the xinetd configuration file with the result.
Converting inetd.conf with xconv.pl completely for xinetd:
xconv.pl < /etc/inetd.conf > /etc/xinetd.conf
If you alter /etc/xinetd.conf manually to fit your own requirements, replacing the whole configuration file every time there is an update is not a good solution: you will lose your own changes! You can still use xconv.pl. Simply redirect the output to a temporary file or to STDOUT (the screen) and copy and paste the part you want to update into /etc/xinetd.conf.
Manual Usage:
echo "telnet stream tcp nowait telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd" | xconv.pl
Don't forget to restart xinetd:
/etc/init.d/xinetd restart
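The field mapping behind such a conversion, as an added Python illustration. It is not the code of itox or xconv.pl and is not guaranteed to match their exact output. It assumes the standard inetd.conf field order and uses xinetd's NAMEINARGS flag for entries that run through tcpd.

```python
import re

def convert(line):
    """Map one active inetd.conf entry to (service_name, xinetd attributes)."""
    fields = line.split()
    if len(fields) < 6 or fields[0].startswith("#"):
        raise ValueError("not an active inetd.conf entry")
    name, sock, proto, wait, owner, server, *argv = fields
    # inetd allows user.group or user:group in the fifth field
    user, group = (re.split(r"[.:]", owner, maxsplit=1) + [""])[:2]
    attrs = {
        "socket_type": sock,
        "protocol": proto,
        "wait": "yes" if wait.startswith("wait") else "no",  # "wait.N" is also yes
        "user": user,
    }
    if group:
        attrs["group"] = group
    if server == "internal":
        attrs["type"] = "INTERNAL"
    elif server.rsplit("/", 1)[-1] == "tcpd":
        # inetd ran tcpd with the real daemon as argv[0]; NAMEINARGS tells
        # xinetd to pass server_args the same way, so tcpd still finds it.
        attrs.update(flags="NAMEINARGS", server=server, server_args=" ".join(argv))
    else:
        attrs["server"] = server
        if argv[1:]:  # argv[0] is the program name, which xinetd supplies itself
            attrs["server_args"] = " ".join(argv[1:])
    return name, attrs

def render(name, attrs):
    """Format the attributes as an xinetd service stanza."""
    body = "".join(f"\t{key:<12}= {value}\n" for key, value in attrs.items())
    return f"service {name}\n{{\n{body}}}\n"

if __name__ == "__main__":
    # The two inetd lines used on this page: one wrapped by tcpd, one not.
    for entry in (
        "telnet stream tcp nowait telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd",
        "smtp stream tcp nowait mail /usr/sbin/exim exim -bs",
    ):
        print(render(*convert(entry)))
```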
--------------------------------------------------------------------------------
Notes on Telnetd and XINETD Configuration Parameters
The bind and redirect options in this file ensure that the Telnet service on
the machine is bound to the external IP address (123.123.123.123), the one
facing the Internet. In addition, any requests for Telnet service sent to
123.123.123.123 are redirected via a second network adapter to an internal
IP address (10.0.1.13) that only the firewall and internal systems can access.
The firewall then sends the communication between the two systems, and the
connecting system thinks it is connected to 123.123.123.123 when it is actually
connected to a different machine.
This feature is particularly useful for users with broadband connections and
only one fixed IP address. When using Network Address Translation (NAT), the
systems behind the gateway machine, which are using internal-only IP addresses,
are not available from outside the gateway system. However, when certain
services controlled by xinetd are configured with the bind and redirect
options, the gateway machine can act as a type of proxy between outside systems
and a particular internal machine configured to provide the service.