How to login via telnet to a LAN PC?

0

I am trying to log in to my friend's PC. We both are using Ubuntu 14.04 LTS. I told her to install telnet by typing the following commands:

sudo apt-get install telnetd
sudo /etc/init.d/openbsd-inetd restart

Now I told her to tell me her IP address.

The IP when the ifconfig command is run from terminal is like 172.21.*.*. But when she googles, her IP is seen as 59.152.*.*.

When I try to telnet the IP 172.21.*.*, it hangs, and when I try the public IP 59.152.*.* it says, connection closed by foreign host. Is there any way to connect so that I can log in to her computer?

Tamim Addari

Posted 2014-09-13T09:32:24.423

Reputation: 103

Your friend does not have normal IP addresses for her devices. She probably only has one IP for her modem/router-combi-thingies and has a private RFC1918 network behind it. To get around that either use public IP addresses (IPv4 or IPv6) or some ugly hack called NAT. The latter is what @barlop is using in this answer. – Hennes – 2014-09-13T10:04:38.513

what is the router/modem brand here? Is this her ISP's modem brand? How do I know that? – Tamim Addari – 2014-09-14T15:55:42.837

Here I see I need to use port forwarding for SSH !! – Tamim Addari – 2014-09-14T17:43:15.787

Answers

1

NAT/NAPT port forwarding, on your NAT router so the public address on the public interface of NAT router goes to the private ip of a comp. But make sure the telnet password is very very strong. People tend to use ssh these days not telnet.

barlop

Posted 2014-09-13T09:32:24.423

Reputation: 18 677

+1 just for mentioning not to use telnet.

Note that the strength of the telnet password does not matter at all. It is sent in plain text and is trivially easy to read if you have network access. – Hennes – 2014-09-13T10:06:12.703

@Hennes The lack of encryption is an issue, but the strength of the password is a much more serious issue. Of the two dangers, somebody sniffing his password and somebody brute forcing a weak or default password, the latter is far more likely to happen. If he and she have a wired connection, and not a compromised wireless connection, then surely sniffing is limited to those on his/her LAN and to internet access providers on the route? That's an issue but a much smaller issue than having a weak password on the internet where tons of hackers can and do try to get in. – barlop – 2014-09-13T10:12:09.443

I was assuming a non-weak SSH password. Your point about decent passwords for anything internet facing is a good one.

Yet using telnet and a strong password feels as if someone puts a good lock on a door yet leaves the windows open. It is more secure yet still insufficient and it may generate an incorrect feeling of security.

The latter is something which seems to always trigger answers or comments from me. – Hennes – 2014-09-13T10:26:25.360

@Hennes With leaving windows of a house open, -anybody- can get through, so it's not quite as bad as that. That's not a good analogy; one could come up with arguably better analogies, but analogies are not necessary and can be misleading. Also, telnet can be used securely: he could add a firewall and limit access to one IP, then he won't even need to worry so much (or at all?) about a strong password. So he'd have an easy memorable password, and a simple program (telnet) (though I'm not suggesting rigidly sticking to telnet or leaving ssh! Of course I'd suggest ssh over telnet unless one wants telnet). – barlop – 2014-09-13T11:10:32.893

Never use telnet other than a last resort. Use SSH with keys. Rather than giving the hacker a door, just remove the door completely apart from those computers with the correct key. – JohnnyVegas – 2014-09-13T11:52:03.147

@JohnnyVegas Of course ssh with keys, providing passwordless logins, is wonderfully convenient, and also very secure like a long password (though it takes some research to figure it out/learn how to use), and a passphrase on the private key, even better. Nobody denied the security of ssh with keys, but the questioner asked about Telnet. And by the way, restricting access to e.g. a telnet server, with a firewall, to one IP, then even if the server has a weak password, I'd guess it's pretty secure. I don't see you pointing out security flaws with doing that. – barlop – 2014-09-13T11:56:49.167

Assuming that nobody else is on your network, telnet is fine. I never use telnet as although useful, it's too much of a liability. Same as FTP. – JohnnyVegas – 2014-09-14T00:38:03.763

0

A few things:

  1. Don't use telnet - prefer something more secure like ssh.
  2. Are you both on the same network?
  3. It sounds like you're confusing 'internal' and 'external' IP addresses.
  4. If you are both on the same network, and are happy with not having access to the machine from outside of your network, then do not touch your router, and do not look at port forwarding.

Public vs. Private IP Address

Most home networks (and many larger networks) will use something called Network Address Translation (NAT). This means that a single public IP address is used to provide access to the internet for the whole network. A public IP address is accessible via the internet.

Private IP addresses are accessible only within a closed, 'private network'. They are in the defined ranges (below). Any address in these ranges will not be accessible over the internet.

  • 192.168.0.0 - 192.168.255.255
  • 172.16.0.0 - 172.31.0.0
  • 10.0.0.0 - 10.255.255.255

The computer will report your 'private' address, while external servers that you connect to (e.g: Google) will see your 'public' address.

Connection between computers

As mentioned above, if you are both sitting on the same network (it's generally okay to assume that if Google reports the same public IP to both of you, then you're on the same network), then you do not need to send data via the internet to communicate between your computers.

You said that the connection 'hangs', and this could be due to a few things (it's better to leave it to report an error than cancelling the program).

  1. You are on different networks, but happen to share a private network address range... no device is at that address on your network, so the connection will timeout and fail.
  2. You are on different networks, and are on different private address ranges... your computer will forward the packets to the router, who (if configured properly) should not forward them to the internet... the connection will be 'unroutable' and fail, or will timeout and fail.
  3. You are on the same network, but her computer has a firewall running, and is configured to ignore these packets... the connection will timeout and fail

Attie

Posted 2014-09-13T09:32:24.423

Reputation: 14 841
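The private/public distinction and the three failure cases in the answer above, as an added Python example that is not part of the original thread. It checks an address against the three RFC 1918 blocks in CIDR form (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), predicts whether a direct connection can work, and classifies what a single TCP connection attempt does. The function names and the sample addresses are constructed for illustration; the page masks the real octets.

```python
import ipaddress
import socket

# The three private blocks defined by RFC 1918, in CIDR form.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    """True if addr is a private (LAN-only) IPv4 address."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def reachability(target: str, my_public: str, her_public: str) -> str:
    """Predict whether a direct connection to target can work."""
    if not is_rfc1918(target):
        return "public address: reaches her router, needs a port forward to go further"
    if my_public == her_public:
        # Same public IP seen from outside: both hosts sit behind the same NAT.
        return "same network: connect to the private address directly"
    return "different networks: her private address is not reachable from here"


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Attempt one TCP connection and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # host answered, nothing listening on that port
    except socket.timeout:
        return "timeout"      # no host at that address, or a firewall drops packets
    except OSError:
        return "unreachable"  # no route to the host or network


if __name__ == "__main__":
    # Constructed sample addresses (public ones are from documentation ranges).
    target, mine, hers = "172.21.4.10", "203.0.113.7", "198.51.100.20"
    print(is_rfc1918(target), "-", reachability(target, mine, hers))
    # Probing loopback keeps the demo offline; 23 is the telnet port.
    print(probe("127.0.0.1", 23, timeout=1.0))
```

A "timeout" result matches the hang described in the question, while "refused" means the host was reached but no service is listening on that port.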