Click to See Complete Forum and Search --> : telnet and swat
I installed RH7.1 with telnet-server and samba. I modified the telnet file in xinetd.d, so "disable = no". "hosts.allow"
and "hosts.deny" are empty. But I cannot telnet to this machine from other PC. I can only telnet to this machine from itself. For swat, I modified the swat file under xinetd.d, so "disable = no". But I can only start it by using "http://127.0.0.1:901". I cannot start swat from other machine or on itself by "http://it's-ip-address:901".
Thanks for any help,
ailb
:confused:
Dengar
08-27-2001, 04:53 PM
All the advice I have read here is not to use telnet at all since its not secure. Run your SSH (secure shell?) server and SSH in instead of telnet. Use a client like Putty if you need to SSH in from a windows PC.
[ 27 August 2001: Message edited by: Dengar ]
There are legitimate uses for telnet - I have a LAN with a bunch of windows 2000 boxes and I dont care to install SSH clients on every machine - I dont worry about security because that particular linux box is not connected to the internet! :rolleyes:
Craig McPherson
08-29-2001, 03:06 PM
Telnet is perfectly fine as long as it's inaccessible from the Internet. It's great on LANs. If you have 5000 Win2K systems (may God have mercy on your soul, but also) they all have a half-decent telnet client installed (as compared to Win9x's grossly indecent telnet client), whereas the only easy way to get a SSH client on all 5000 machines is to put PuTTY on a shared drive or something of the sort.
The way most people use SSH, it's only marginally more secure than telnet anyway. It's of little use unless it's used correctly, which most people don't do.
Okay, anyway. To fix your problem.
1. Have you restarted xinetd after editing the configuration file?
2. Once you've restarted xinetd, portscan the local machine from the local machine, and see if port 23 is open. If not, go no further.
3. Now, telnet to the local machine from the local machine. If that doesn't work, go no further.
4. Now, try to telnet from the machine from a remote machine on the LAN.
If step 2 fails, it means xinetd isn't configured correctly.
If step 3 fails (assuming step 2 succeeded, of course), it probably means you're having a problem with TCP wrappers or other access control in xinetd. (uncommon)
If step 4 fails (assuming steps 2 and 3 succeeded), then the telnet connections from the LAN are being blocked by the box's firewall. Adjust the firewall.
Originally posted by Craig McPherson:
<STRONG>Telnet is perfectly fine as long as it's inaccessible from the Internet. It's great on LANs. If you have 5000 Win2K systems (may God have mercy on your soul, but also) they all have a half-decent telnet client installed (as compared to Win9x's grossly indecent telnet client), whereas the only easy way to get a SSH client on all 5000 machines is to put PuTTY on a shared drive or something of the sort.
The way most people use SSH, it's only marginally more secure than telnet anyway. It's of little use unless it's used correctly, which most people don't do.
Okay, anyway. To fix your problem.
1. Have you restarted xinetd after editing the configuration file?
2. Once you've restarted xinetd, portscan the local machine from the local machine, and see if port 23 is open. If not, go no further.
3. Now, telnet to the local machine from the local machine. If that doesn't work, go no further.
4. Now, try to telnet from the machine from a remote machine on the LAN.
If step 2 fails, it means xinetd isn't configured correctly.
If step 3 fails (assuming step 2 succeeded, of course), it probably means you're having a problem with TCP wrappers or other access control in xinetd. (uncommon)
If step 4 fails (assuming steps 2 and 3 succeeded), then the telnet connections from the LAN are being blocked by the box's firewall. Adjust the firewall.</STRONG>
Thanks for your help. I deleted all the rules in ipchains. Now I can telnet to my linux machine. But I still have another problem, I cannot access this machine through samba. On this linux machine, I got rejected when I try to run smbclient -L ip-of-this-linux-machine. But I can connect if I run smbclient -L localhost.
Any thoughts?
Thanks,
Ailb
Craig McPherson
08-30-2001, 12:03 AM
"smbclient -L" only takes NetBIOS names, not IP addresses. Blame Microsoft, they own the SMB protocol. Well, actually the stole it from IBM, but let's not pick nits.