Telnet within SSH


    [SOLVED] Telnet within SSH

    Was wondering if anyone could tell me whether or not there's a difference between connecting to a remote server with telnet, and connecting with SSH and then using telnet?

    Have been setting up a mail server (again!) and was wondering whether postfix will see commands as originating from within the machine or from whatever IP address my phone has when I connect with ssh and then "telnet localhost 25".

    Thanks,

    Feathers
    samhobbs.co.uk

    #2
    Code:
    ssh -p port user@Ip
    Sent from my XT901 using Tapatalk
    Registered Linux User 545823



      #3
      Short answer: ssh = secure, telnet = NOT

      http://www.differencebetween.net/technology/internet/difference-between-telnet-and-ssh/

      Please Read Me



        #4
        I think you've misunderstood the question, I know the differences between the two, but you can log in to a server with SSH and then use telnet from within the SSH session!
        samhobbs.co.uk



          #5
          I guess my question is what are you doing via telnet that you can't do via ssh alone? And if there is something you can do via telnet and not via ssh, then telnet-via-ssh would have the ssh level of security.

          So the answer is still the same; ssh=secure, telnet=unsecure. Therefore, using telnet-via-ssh=secure. If you don't need security, no need for ssh. I'm sorry, I don't see any other question in your OP.

          Please Read Me



            #6
            The server sits behind my router. The only port forwards I have at the moment are 80 & 443 for Apache, plus one more for SSH.

            I was away from home earlier, so my connection wasn't coming from the LAN. Consequently, I could connect with SSH but couldn't connect to port 25 to test Postfix directly.

            ... so I connected with SSH, and used telnet within that SSH session to test Postfix.

            The question is not at all about security. The telnet connection is local only (within the server), it's not travelling over any networks, secure or not.

            The question is whether or not the server will act as if the commands issued with telnet are being typed in to it locally, or whether it sees them as originating from an outside network, i.e. whatever the IP address of my phone was at the time.

            It matters because I think postfix behaves differently towards connections from "safe" and "unsafe" networks.

            Feathers
            samhobbs.co.uk



              #7
              Yes, you can... so long as you have both telnetd and openssh-server installed on your server.

              Here's an ssh session into my system with a telnet connection to 127.0.0.1 from that session:
              Code:
              Welcome to Ubuntu 13.10 (GNU/Linux 3.11.0-14-generic x86_64)
              
               * Documentation:  https://help.ubuntu.com/
              
              Last login: Tue Nov 19 17:26:43 2013 from speedy.fodnet.com
              
              bweinel@excalibur:~$ telnet 127.0.0.1
              Trying 127.0.0.1...
              Connected to 127.0.0.1.
              Escape character is '^]'.
              Ubuntu 13.10
              excalibur login: bweinel
              Password:
              Last login: Tue Nov 19 17:27:06 EST 2013 from speedy.fodnet.com 
              
              on pts/1
              Welcome to Ubuntu 13.10 (GNU/Linux 3.11.0-14-generic x86_64)
              
               * Documentation:  https://help.ubuntu.com/
              
              bweinel@excalibur:~$
              Make sure you have the loopback interface enabled on your server:

              Code:
              bweinel@excalibur:~$ ifconfig lo
              lo        Link encap:Local Loopback  
                        inet addr:127.0.0.1  Mask:255.0.0.0
                        inet6 addr: ::1/128 Scope:Host
                        UP LOOPBACK RUNNING  MTU:65536  Metric:1
                        RX packets:443 errors:0 dropped:0 overruns:0 frame:0
                        TX packets:443 errors:0 dropped:0 overruns:0 carrier:0
                        collisions:0 txqueuelen:0 
                        RX bytes:36953 (36.9 KB)  TX bytes:36953 (36.9 KB)
              For any external access to both services, you may need to tweak both the /etc/hosts.allow and /etc/hosts.deny files.

              cheers,
              bill
              Last edited by bweinel; Nov 19, 2013, 04:39 PM.
              A person who never made a mistake never tried anything new. --Albert Einstein



                #8
                Thanks for your replies, although none of them quite answered the question I was asking.

                I've managed to figure it out from reading log files. Just in case anyone else is curious, here's the answer:

                If you SSH from an outside network (on the WAN, say) and then telnet localhost from within that SSH session, then the server sees the commands as originating from within itself, not as originating from wherever you SSH'd from.

                If you connected directly with telnet, the server would see the commands as originating from the IP address of your client machine.

                You can test this with postfix. In main.cf:
                Code:
                smtpd_client_restrictions =
                     permit_mynetworks,
                     permit_sasl_authenticated
                     reject
                Restart postfix:
                Code:
                sudo service postfix restart
                Connect with SSH from WAN, then telnet localhost 25.

                Try and send an email (don't authenticate with SASL), and you will succeed because localhost is part of mynetworks. Now comment out permit_mynetworks, reload postfix and try again:

                Client host rejected.

                Hope that clears up what/why I was asking!

                Feathers
                samhobbs.co.uk
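The behaviour described in post #8, as an added example that is not part of the original thread: a loopback connection shows the listener 127.0.0.1 as the client, and a simplified first-match model of the `smtpd_client_restrictions` list then gives the two outcomes reported. The `MYNETWORKS` value, the address 203.0.113.7 and the `evaluate` helper are assumptions made for illustration, not Postfix code.

```python
import ipaddress
import socket
import threading

# Assumed value: loopback-only mynetworks (the thread does not show this setting).
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]


def peer_seen_by_listener():
    """Connect over loopback and return the client IP the listener observes."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(1)
    seen = []

    def accept_once():
        conn, addr = srv.accept()
        seen.append(addr[0])
        conn.close()

    t = threading.Thread(target=accept_once)
    t.start()
    # Stands in for "telnet localhost 25" typed inside the SSH session.
    socket.create_connection(srv.getsockname()).close()
    t.join()
    srv.close()
    return seen[0]


def evaluate(restrictions, client_ip, sasl_authenticated=False):
    """Simplified first-match walk over an smtpd_client_restrictions list."""
    ip = ipaddress.ip_address(client_ip)
    for rule in restrictions:
        if rule == "permit_mynetworks" and any(ip in net for net in MYNETWORKS):
            return "permit"
        if rule == "permit_sasl_authenticated" and sasl_authenticated:
            return "permit"
        if rule == "reject":
            return "reject"
    return "dunno"  # nothing matched; Postfix moves on to its other restriction lists


if __name__ == "__main__":
    full = ["permit_mynetworks", "permit_sasl_authenticated", "reject"]
    local = peer_seen_by_listener()
    phone = "203.0.113.7"  # constructed documentation address for the SSH client
    print(local, evaluate(full, local))      # telnet inside the SSH session
    print(phone, evaluate(full, phone))      # direct, unauthenticated connection
    print(local, evaluate(full[1:], local))  # permit_mynetworks commented out
```

The same holds for any process or account on the server that can reach 127.0.0.1:25, so permit_mynetworks extends relay trust to everyone with a shell there.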



                  #9
                  You're becoming quite the server jockey here, Feathers. I'm so proud

                  An alternative for opening a connection to a service is to use netcat. For example, connect to submission on your mail server thusly:
                  Code:
                  nc localhost 587
                  Do stuff. Press Ctrl+D to close the session. One advantage of netcat over telnet is that you can construct pipes and take advantage of stdin/stdout redirection. Very powerful.
                  Last edited by SteveRiley; Nov 22, 2013, 01:19 AM.



                    #10
                    Ha, thanks, I reserve the right to continue to make stupid mistakes (and learn from them) though!

                    Netcat looks really cool, now all I have to do is find a use for it

                    Feathers
                    samhobbs.co.uk



                      #11
                      Originally posted by Feathers McGraw
                      Netcat looks really cool, now all I have to do is find a use for it
                      Open two console windows and position them side-by-side. In the left window, enter:
                      Code:
                      nc -l 1234
                      The cursor will move to the next line and wait. Now switch to the right window and enter:
                      Code:
                      nc localhost 1234
                      Type some stuff. Watch it appear in the left window. Switch to the left window and type some stuff. Watch it appear in the right. Press Ctrl+D in either window to terminate.

                      Neat! Check the man page; read the sections about file transfer and about remote command execution. Its nickname "TCP/IP Swiss Army knife" is well-deserved



                        #12
                        So....

                        Use #1: showing off.

                        Not a bad start

                        Feathers
                        samhobbs.co.uk
