The tutorial explains about how to change the telnet server port number on CentOS 7 / RHEL . We will keep SELINUX in enforcing mode and change the default port number 23 to some other port number. We believe you have already install telnet server on CentOS 7 / RHEL 7.
Task : Change telnet server default port number 23 to other port number.
IMPORTANT NOTE: Always select port number more than 1024 and should not be assigned to any running application.
We will change the telnet default port 23 to 2323.
Change Telnet Server Port Number
Follow the given below steps to change the telnet server port number.
1. Take backup of telnet.socket:
First take the backup of file called telnet.socket
cp -p /usr/lib/systemd/system/telnet.socket /root/telnet.socket.`date +%F`
2. Install policycoreutils-python :
To get semanage command install policycoreutils-python package.
yum install policycoreutils-python
3. Add custom telnet port number 2323 in SELINUX
Use below command to add port number 2323 for telnet service in SELINUX.
semanage port -a -t telnetd_port_t -p tcp 2323
check the status by below given command
semanage port -l | grep telnet
4. Change custom port in telnet.socket
First stop the telnet service
systemctl stop telnet.socket
Now change the value ListenStream=23 to ListenStream=2323 in telnet.socket file . It means, the telnet service will listen on port 2323 .
Edit the file /usr/lib/systemd/system/telnet.socket and change the value ListenStream=2323 .
vi /usr/lib/systemd/system/telnet.socket [Unit] Description=Telnet Server Activation Socket Documentation=man:telnetd(8) [Socket] ListenStream=2323 Accept=true [Install] WantedBy=sockets.target
5. Now relaod systemctl :
Run below given command to reload systemctl after editing telnet.socket file.
Start the telnet service
systemctl start telnet.socket
6. Allow port 2323 from source address in firewalld
Allow the port no. 2323 from source address in firewalld. On RHEL 7/CentOS 7 , firewalld is alternate for iptables.
In below given command, replace the source address=”192.168.56.0/24″ with your network address or client ip address.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.56.0/24" port port="2323" protocol="tcp" log prefix="tftp-custom" level="info" limit value="1/m" accept'
7. Access telnet-server from remote system :
Because we have changed telnet server port number to 2323 . Here we have to run below given syntax from remote system to access the telnet server
Telnet server IP Address : 192.168.56.101
Telnet custom port number : 2323
From remote system, run the command on terminal
telnet 192.168.56.101 2323
By default root user is not allowed to access telnet server. Hence, use the other system user.
Hint : To allow root user to access telnet-server, you have to work on pam file. But telnet is not allowed to access from public network and it is insecure. So we decided to end this tutorial here only.