Telnet provides low-level access to other machines
using a standardized protocol and connection. This section describes the
command line interface for the Windows version of Telnet, which varies a
little from the interface other platforms use. This section won't tell
you how to perform management tasks.
1. Administrating Telnet with the TLNTAdmn Utility
The Telnet
Administrator utility helps you control Telnet sessions on your machine.
You access it using the TLNTAdmn utility. If you use TLNTAdmn alone,
you'll see a display of the current server status, as shown in Figure 1.
Adding start, stop, pause, or continue to the command line controls the
Telnet service state. Note that these commands only work if you set
Telnet to manual or automatic mode—the command fails if you disable the
Telnet service.
The TLNTAdmn utility includes three user-specific commands. Use the -s
switch with an optional session identifier to display the user status
information. Each user entry includes the user ID, name, remote
connection point, and logon time. The idle time column is a good
indicator of who has gone to lunch with their Telnet connection intact.
Use the -m switch with a session identifier to send the user a message. The third user option is the -k SessionIdentifier switch. Use it to end a user session. This utility uses the following syntax:
TLNTAdmn [ComputerName] [-u user [-p password]] start | stop | pause|
continue | -s sessionid | -k sessionid | -m sessionid message | config
config_options
The following list describes each of the command line arguments.
ComputerName
Specifies the name of a remote computer. The default setting uses the local computer.
-u
user
Specifies the name
of the user account used to execute command. The default setting relies
on the user account for the currently logged in user.
-p
password
Specifies the user password.
start
Starts the
Telnet service. This option only works when the service is set to
automatic or manual. You can't start a disabled service.
stop
Stops the Telnet service.
pause
Pauses the
Telnet service. A pause is temporary when compared to a stop. Don't use
pause when you actually mean to stop the service.
continue
Continues the service from a pause.
-s
sessionid
Lists information about the specified session.
-k
sessionid
Terminates the
specified session. Exercise care in using this option since a terminated
session could cause data loss. Generally, you'll use this as a last
resort. Try sending a message to the user first to shut down the session
from the client side or physically end the session from the client
terminal yourself.
-m
sessionid message
Sends a message to
the specified session. Make sure you place any message within quotes.
Otherwise, the utility sends just the first word of the message to the
remote terminal and then displays an error message.
config
config_options
Changes the server configuration. Use one or more configuration options to change the way in which the server works.
Telnet provides a
number of configuration options. Each of these configuration options
controls an aspect of the way in which Telnet works. Change the server
configuration carefully because some options can cause connection errors
or make the server unavailable to users who need it. The following list
describes each of the configuration options.
dom =
Domain
Sets the
default domain for checking usernames. If you're using a peer-to-peer
configuration, then the only domain is your machine. The only time you
can set this to another domain is if you have a Windows server set up as
a domain controller.
ctrlakeymap = <Yes|No>
Sets the mapping of
the ALT key to Ctrl+A when on. This is the default setting. This setting
doesn't affect the VTNT terminal, but does affect other terminal types.
See RFC 884 (http://www.faqs.org/rfcs/rfc884.html) for a list of standard Telnet terminal types.
timeout =
hh:mm:ss
Determines how
long the Telnet server waits before it logs out a user automatically.
You must include the colons between the hours, minutes, and seconds. In
addition, if you want to set a value to 0, then include a 0 on the
command line. For example, if you want to set the timeout value to 30
minutes, type TLNTADMN config timeout = 0:30:00 at the command line.
timeoutactive = {Yes | No}
Enables idle session timeout counter. Whenever a session reaches the timeout value, the Telnet server disables it automatically.
maxfail =
Attempts
Sets the
maximum number of login failure attempts before disabling the user
account. Telnet won't allow disabled user accounts to connect.
maxconn =
Connections
Determines
the maximum number of connections the Telnet server accepts. Note that
the Microsoft documentation states that you can accept a maximum of two
sessions. This is incorrect. Using this configuration option allows you
to accept the maximum number of connections your machine can handle.
port =
Number
Changes the
connection port number. It's always a good idea to change this number to
something other than the default to help thwart crackers. Of course, if
you leave the port open and use poor security, someone will still get
in.
sec = [+/-]NTLM [+/-]PASSWD
Determines the
acceptable security (authentication) mechanisms. Allowing NTLM enables
the user to log in using their default Windows username and password.
mode = {Console | Stream}
Controls how the
server reacts to control character input. Always use console mode to
ensure users can use applications such as EDIT.
2. Executing Commands Remotely with the Telnet Utility
The Telnet utility manages Telnet sessions at the command prompt. You'll start the Telnet client at a command prompt by typing Telnet
and pressing Enter. Telnet displays a Welcome message, the escape
character, and a Microsoft Telnet prompt. This utility uses the
following syntax:
TELNET [-a][-e escape char][-f log file][-l user][-t term][host [port]]
The following list describes each of the command line arguments.
-a
Performs an automatic logon using the currently logged on username and password. This option works about the same as the -l
option except you don't have to specify the username. Windows XP and
above ignore this option if you have NTLM security enabled. It
automatically logs on using the currently logged on username and
password.
NOTE
The Windows XP
and above versions of Telnet sets Windows NT LAN Manager (NTLM)
authentication on by default. This means that it will always attempt to
log on using the currently logged on username and password. Using this
option makes access somewhat automatic. All you need to do is type Telnet HostName
at the command prompt and Telnet connects you, if you have proper
rights. However, this option has two unfortunate side effects. The first
is that you can't specify another username and password to log onto the
system. The second is that the NTLM option appears to interfere with
operation of some Telnet clients.
-e Modifies the escape character used to enter the Telnet client prompt from a remote session. Telnet defaults to Ctrl+], which is a good choice because it isn't used by anything else.
-f
Filename
Sets the filename
for client-side logging. Using this option also turns client-side
logging on. Client-side logging doesn't track the commands you type at
the Telnet prompt; they only record what you've done at the remote
terminal connection. For example, if you type a Dir command at the remote prompt, you'll see the Dir
command and results in the log. However, you won't see the command used
to open the connection because that occurs at the Telnet prompt.
-l
Username
Specifies the
username to log in with on the remote system. You can't specify a
password at the command line, so you still have to provide a password
before the session will start. Windows XP and above ignores this option
if you have NTLM security enabled. It automatically logs on using the
currently logged on username and password.
-t
TerminalType
Specifies the
terminal type used for command processing and text display. Telnet
supports the VT100, VT52, ANSI, and VTNT terminal types. The terminal
type determines the characteristics of the session. It dates back to a
time when people accessed mainframes using utilities such as Telnet.
Using the default ANSI terminal usually works fine. Telnet remembers
your preferred terminal type from session to session.
|
The default terminal
type of ANSI does work fine for most connections, especially those with a
mainframe. However, the ANSI terminal type causes problems when you run
certain Windows XP character mode utilities. Any utility that has a
display and a functional menu system will likely require you to use the
VTNT terminal. For example, if you normally use the EDIT command to work with text files, you'll want to use the VTNT terminal.
|
|
HostName
[PortNumber]
Specifies the hostname or IP address of the remote computer. You may
optionally specify a service name or port number. The only time you need
to specify a port number is to access a service other than Telnet or if
the Telnet administrator changes the port number.
