Announcement

Collapse
No announcement yet.

Telnet within SSH

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Feathers McGraw
    replied
    So....

    Use #1: showing off.

    Not a bad start

    Feathers

    Leave a comment:


  • SteveRiley
    replied
    Originally posted by Feathers McGraw View Post
    Netcat looks really cool, now all I have to do is find a use for it
    Open two console windows and position them side-by-side. In the left window, enter:
    Code:
    nc -l 1234
    The cursor will move to the next line and wait. Now switch to the right window and enter:
    Code:
    nc localhost 1234
    Type some stuff. Watch it appear in the left window. Switch to the left window and type some stuff. Watch it appear in the right. Press Ctrl+D in either window to terminate.

    Neat! Check the man page; read the sections about file transfer and about remote command execution. Its nickname "TCP/IP Swiss Army knife" is well-deserved

    Leave a comment:


  • Feathers McGraw
    replied
    Ha, thanks, I reserve the right to continue to make stupid mistakes (and learn from them) though!

    Netcat looks really cool, now all I have to do is find a use for it

    Feathers

    Leave a comment:


  • SteveRiley
    replied
    You're becoming quite the server jockey here, Feathers. I'm so proud

    An alternative for opening a connection to a service is to use netcat. For example, connect to submission on your mail server thusly:
    Code:
    nc localhost 587
    Do stuff. Press Ctrl+D to close the session. One advantage of netcat over telnet is that you can construct pipes and take advantage of stdin/stdout redirection. Very powerful.
    Last edited by SteveRiley; Nov 22, 2013, 01:19 AM.

    Leave a comment:


  • Feathers McGraw
    replied
    Thanks for your replies, although none of them quite answered the question I was asking.

    I've managed to figure it out from reading log files. Just in case anyone else is curious, here's the answer:

    If you SSH from an outside network (on the WAN, say) and then telnet localhost from within that SSH session, then the server sees the commands as originating from within itself, not as originating from wherever you SSH'd from.

    If you connected directly with telnet, the server would see the commands as originating from the IP address of your client machine.

    You can test this with postfix. In main.cf:
    Code:
    smtpd_client_restrictions =
         permit_mynetworks,
         permit_sasl_authenticated
         reject
    Restart postfix:
    Code:
    sudo service postfix restart
    Connect with SSH from WAN, then telnet localhost 25.

    Try and send an email (don't authenticate with SASL), and you will succeed because localhost is part of mynetworks. Now comment out permit_mynetworks , reload postfix and try again:

    Client host rejected.

    Hope that clears up what/why I was asking!

    Feathers

    Leave a comment:


  • bweinel
    replied
    Yes, you can... so long as you have both telnetd and openssh-server installed on your server.

    Here's an ssh session into my system with a telnet connection to 127.0.0.1 from that session:
    Code:
    Welcome to Ubuntu 13.10 (GNU/Linux 3.11.0-14-generic x86_64)
    
     * Documentation:  https://help.ubuntu.com/
    
    Last login: Tue Nov 19 17:26:43 2013 from speedy.fodnet.com
    
    bweinel@excalibur:~$ telnet 127.0.0.1
    Trying 127.0.0.1...
    Connected to 127.0.0.1.
    Escape character is '^]'.
    Ubuntu 13.10
    excalibur login: bweinel
    Password:
    Last login: Tue Nov 19 17:27:06 EST 2013 from speedy.fodnet.com 
    
    on pts/1
    Welcome to Ubuntu 13.10 (GNU/Linux 3.11.0-14-generic x86_64)
    
     * Documentation:  https://help.ubuntu.com/
    
    bweinel@excalibur:~$
    Make sure you have the loopback interface enabled on your server:

    Code:
    bweinel@excalibur:~$ ifconfig lo
    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:443 errors:0 dropped:0 overruns:0 frame:0
              TX packets:443 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:36953 (36.9 KB)  TX bytes:36953 (36.9 KB)
    For any external access to both services, you may need to tweak both the /etc/hosts.allow and /etc/hosts.deny files.

    cheers,
    bill
    Last edited by bweinel; Nov 19, 2013, 04:39 PM.

    Leave a comment:


  • Feathers McGraw
    replied
    The server sits behind my router. The only port forwards I have at the moment are 80 & 443 for Apache, plus one more for SSH.

    I was away from home earlier, so my connection want coming from the LAN. Consequently, I could connect with SSH but couldn't connect to port 25 to test Postfix directly.

    ... so I connected with SSH, and used telnet within that SSH session to test Postfix.

    The question is not at all about security. The telnet connection is local only (within the server), it's not travelling over any networks, secure or not.

    The question is whether or not the server will act as if the commands issued with telnet are being typed in to it locally, or whether it sees them as originating from an outside network, i.e. whatever the IP address of my phone was at the time.

    It matters because I think postfix behaves differently towards connections from "safe" and "unsafe" networks.

    Feathers

    Leave a comment:


  • oshunluvr
    replied
    I guess my question is what are you doing via telnet that you can't do via ssh alone? And if there is something you can do via telnet and not via ssh, then telnet-via-ssh would have the ssh level of security.

    So the answer is still the same; ssh=secure, telnet=unsecure. Therefore, using telnet-via-ssh=secure. If you don't need security, no need for ssh. I'm sorry, I don't see any other question in your OP.

    Leave a comment:


  • Feathers McGraw
    replied
    I think you've misunderstood the question, I know the differences between the two, but you can log in to a server with SSH and then use telnet from within the SSH session!

    Leave a comment:


  • oshunluvr
    replied
    Short answer: ssh = secure, telnet = NOT

    http://www.differencebetween.net/technology/internet/difference-between-telnet-and-ssh/

    Leave a comment:


  • jpenguin
    replied
    Code:
    SSH user@Ip:port
    Sent from my XT901 using Tapatalk

    Leave a comment:


  • Feathers McGraw
    started a topic [SOLVED] Telnet within SSH

    Telnet within SSH

    Was wondering if anyone could tell me whether or not there's a difference between connecting to a remote server with telnet, and connecting with SSH and then using telnet?

    Have been setting up a mail server (again!) and was wondering whether postfix will see commands as originating from within the machine or from whatever IP address my phone has when connect with ssh and then "telnet localhost 25".

    Thanks,

    Feathers

Users Viewing This Topic

Collapse

There are 0 users viewing this topic.

Working...
X