Having trouble creating instances with correct inbound/outbound properties

0

I am trying to create a Linux instance that I can telnet into and out of.

However, I cannot seem to get the correct inbound and outbound properties.

I can get the instance up and running, but cannot seem to get the properties correct to allow me into the Linux console to allow me to install the telnet-server and telnet services.

Also, need a little guidance on how to create login credentials (if needed)

Hijak3k
asked 7 months ago, 350 views
3 Answers
0
Accepted Answer

See the answer to your previous question and your comment under my response, where you tried to run systemctl without sudo. This indicates that you are at least able to SSH onto the EC2 instance and install the packages.

As others have said, in response to this question and the previous one, it's really not advised to use telnet for connecting to hosts and hasn't been for at least 20 years - it's unencrypted which means that anybody can sniff the packets going along the wire and get your password (and/or the root password). There really isn't a good reason to be running a telnet server to facilitate inbound connection onto a host - use SSH instead - although in certain cases the telnet client can be useful for troubleshooting, although that's not what you're asking for here.

You already know that SSH listens on port 22, and that you need port 22 open in your security group to allow access. Similarly, telnet listens on port 23 so you would need port 23 open in a security group to allow access.

The other thing is that SSH can work with keys or passwords, and again from the response on your last question you know that the default user on your host is ec2-user and you connect using a key for that one. Telnet can only authenticate with a password, so you'd be advised to create a new user and set its password, and then try to connect using that (saves messing with the ec2-user account, if that becomes unusable then your host is inaccessible) https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/s2-users-cl-tools

If this still isn't clear then could you describe in more detail what your use case is here, and what it is you need to be able to do.

EXPERT
Steve_M
answered 7 months ago
  • Wellllllllll, I created an instance and I am unable to open said instance with the AWS browser connect. Thus, I am not able to connect nor control said instance.

    I am trying to make a Linux instance that will allow a telnet connection, authenticate said connection (even though only I will be using it (multiple times)), and telnet out of said instance to another telnet recipient.

    I made an instance once before, and the comment above yours proved to be utterly useless, as I am not using HTTP. I am using a TELNET Client.

    The traffic is just raw text, with no concerns of encrypting said text as I will not be sending any data that requires said measures.

    I am just simply trying to create a gateway that I can duplicate, as well as instruct others to use for this telnet method.

  • yours proved to be utterly useless, as I am not using HTTP

    I never mentioned HTTP anywhere in that reply.

    Provision the EC2 in a public subnet, that is a subnet whose route table has an entry for an internet gateway. If you pick the default VPC in the region for your account, any of the pre-created subnets is a public subnet.

    Associate a security group with the instance that has inbound TCP port 22 open from source 0.0.0.0/0. Now you should be able to SSH onto the host with the SSH key you would have specified during provisioning of the EC2, using the default user of the AMI that installed the Linux OS, common ones are here https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/managing-users.html#ami-default-user-names

    You may be able to login using EC2 Instance Connect (I assume this is what you mean by AWS Browser Connect) as long as all the prerequisites are met https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-prerequisites.html

    In particular, the version of Linux chosen for the EC2 instance is key https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-set-up.html

    More detailed troubleshooting steps for Instance Connect are here https://repost.aws/knowledge-center/ec2-instance-connect-troubleshooting

    Now you should be able to login to the host using SSH.

  • Install the telnet server software with sudo yum install -y telnet-server and then start it with sudo systemctl enable telnet.socket; sudo systemctl start telnet.socket, and amend the security group associated with the EC2 instance so that it allows inbound connections from 0.0.0.0/0 on TCP port 23. Add a user (so we don't mess up the default user), something like useradd testuser; passwd testuser and set its password.

    Now you should be able to telnet to the public IP address of the EC2, and be met with a challenge for a username (which will be testuser) and then whatever you set the password to.

    To telnet from here onto another host, firstly the other host has to be setup to receive incoming telnet connections, which is exactly the same process as has just been used above - both in terms of installing and enabling the telnet server, and opening port 23 in the security group.

    The host you are telnetting from (which I guess is the one you have done all the work on up until now) has to have telnet client installed sudo yum install -y telnet and its security group must have outbound TCP port 23 opened to the target server. You can either have the target's IP address, or its subnet, or reference to its security group, or just 0.0.0.0/0 until you get it working (you can narrow it down later).

    Much more detailed information on security groups is here https://docs.aws.amazon.com/vpc/latest/userguide/security-groups.html

  • Initially it's best to stand up both EC2s in the same subnet as it means you don't have to worry about routing and peering issues. You can always add more complexity once you get things working, and understand a bit better how it all fits together.

0

Hi,

If you need shell access to a Linux instance you might want to consider using AWS Systems Manager Session Manager instead of telnet (and direct SSH). This would allow you to connect directly from the AWS Management Console (should you wish to do so) or via AWS CLI tooling. Session Manager relies on HTTPS to create a bi-directional connection between the Systems Manager Agent and the service so you do not have to open up a port to connect via the internet directly. The Systems Manager agent comes bundled with a lot of AMIs or can be installed using a cloud-init script when the EC2 instance starts up.

To use Session Manager, you need to attach an IAM role with the arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore policy and make sure that the instance can connect to the EC2 and SSM Services either via the internet (e.g. a NAT gateway or via AWS Service Endpoints in the same VPC as the EC2 instance). Once this is done, you can simply connect via the management console.

answered 7 months ago
  • That will not work for the application I am using.

    Also, I am 100% new to AWS. So the instructions, while informative, mean nothing to me without step-by-step inclusion on HOW to do them and WHERE to find them.

0

Hello,

SSH is recommended over telnet, as telnet is not encrypted and is not installed by default on Amazon instances. But if you would like to continue with telnet, I believe this could help you https://stackoverflow.com/questions/44085886/how-to-set-up-telnet-in-aws-instance

Thank you

AWS
ladybug
answered 7 months ago
