Announcement

**jpenguin** · Nov 19, 2013, 11:17 AM

Code:

SSH user@Ip:port

Sent from my XT901 using Tapatalk

**oshunluvr** · Nov 19, 2013, 11:38 AM

Short answer: ssh = secure, telnet = NOT

http://www.differencebetween.net/technology/internet/difference-between-telnet-and-ssh/

**Feathers McGraw** · Nov 19, 2013, 11:41 AM

I think you've misunderstood the question, I know the differences between the two, but you can log in to a server with SSH and then use telnet from within the SSH session!

**oshunluvr** · Nov 19, 2013, 11:58 AM

I guess my question is what are you doing via telnet that you can't do via ssh alone? And if there is something you can do via telnet and not via ssh, then telnet-via-ssh would have the ssh level of security.

So the answer is still the same; ssh=secure, telnet=unsecure. Therefore, using telnet-via-ssh=secure. If you don't need security, no need for ssh. I'm sorry, I don't see any other question in your OP.

**Feathers McGraw** · Nov 19, 2013, 01:20 PM

The server sits behind my router. The only port forwards I have at the moment are 80 & 443 for Apache, plus one more for SSH.

I was away from home earlier, so my connection want coming from the LAN. Consequently, I could connect with SSH but couldn't connect to port 25 to test Postfix directly.

... so I connected with SSH, and used telnet within that SSH session to test Postfix.

The question is not at all about security. The telnet connection is local only (within the server), it's not travelling over any networks, secure or not.

The question is whether or not the server will act as if the commands issued with telnet are being typed in to it locally, or whether it sees them as originating from an outside network, i.e. whatever the IP address of my phone was at the time.

It matters because I think postfix behaves differently towards connections from "safe" and "unsafe" networks.

Feathers

**bweinel** · Nov 19, 2013, 04:23 PM

Yes, you can... so long as you have both telnetd and openssh-server installed on your server.

Here's an ssh session into my system with a telnet connection to 127.0.0.1 from that session:

Code:

Welcome to Ubuntu 13.10 (GNU/Linux 3.11.0-14-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

Last login: Tue Nov 19 17:26:43 2013 from speedy.fodnet.com

bweinel@excalibur:~$ telnet 127.0.0.1
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
Ubuntu 13.10
excalibur login: bweinel
Password:
Last login: Tue Nov 19 17:27:06 EST 2013 from speedy.fodnet.com 

on pts/1
Welcome to Ubuntu 13.10 (GNU/Linux 3.11.0-14-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

bweinel@excalibur:~$

Make sure you have the loopback interface enabled on your server:

Code:

bweinel@excalibur:~$ ifconfig lo
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:443 errors:0 dropped:0 overruns:0 frame:0
          TX packets:443 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:36953 (36.9 KB)  TX bytes:36953 (36.9 KB)

For any external access to both services, you may need to tweak both the /etc/hosts.allow and /etc/hosts.deny files.

cheers,
bill

**Feathers McGraw** · Nov 20, 2013, 10:01 AM

Thanks for your replies, although none of them quite answered the question I was asking.

I've managed to figure it out from reading log files. Just in case anyone else is curious, here's the answer:

If you SSH from an outside network (on the WAN, say) and then telnet localhost from within that SSH session, then the server sees the commands as originating from within itself, not as originating from wherever you SSH'd from.

If you connected directly with telnet, the server would see the commands as originating from the IP address of your client machine.

You can test this with postfix. In main.cf:

Code:

smtpd_client_restrictions =
     permit_mynetworks,
     permit_sasl_authenticated
     reject

Restart postfix:

Code:

sudo service postfix restart

Connect with SSH from WAN, then telnet localhost 25.

Try and send an email (don't authenticate with SASL), and you will succeed because localhost is part of mynetworks. Now comment out permit_mynetworks , reload postfix and try again:

Client host rejected.

Hope that clears up what/why I was asking!

Feathers

**SteveRiley** · Nov 22, 2013, 01:07 AM

You're becoming quite the server jockey here, Feathers. I'm so proud

An alternative for opening a connection to a service is to use netcat. For example, connect to submission on your mail server thusly:

Code:

nc localhost 587

Do stuff. Press Ctrl+D to close the session. One advantage of netcat over telnet is that you can construct pipes and take advantage of stdin/stdout redirection. Very powerful.

**Feathers McGraw** · Nov 22, 2013, 02:05 AM

Ha, thanks, I reserve the right to continue to make stupid mistakes (and learn from them) though!

Netcat looks really cool, now all I have to do is find a use for it

Feathers

**SteveRiley** · Nov 25, 2013, 12:42 AM

Originally posted by Feathers McGraw View Post

Netcat looks really cool, now all I have to do is find a use for it

Open two console windows and position them side-by-side. In the left window, enter:

Code:

nc -l 1234

The cursor will move to the next line and wait. Now switch to the right window and enter:

Code:

nc localhost 1234

Type some stuff. Watch it appear in the left window. Switch to the left window and type some stuff. Watch it appear in the right. Press Ctrl+D in either window to terminate.

Neat! Check the man page; read the sections about file transfer and about remote command execution. Its nickname "TCP/IP Swiss Army knife" is well-deserved

**Feathers McGraw** · Nov 25, 2013, 12:53 AM

So....

Use #1: showing off.

Not a bad start

Feathers

Announcement

Telnet within SSH

[SOLVED] Telnet within SSH

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment