Telnet provides a simple way to connect to remote systems and test network services. While SSH has largely replaced Telnet for secure remote access, Telnet remains useful for network diagnostics, testing port connectivity, debugging application protocols, and connecting to legacy systems that do not support encryption. By the end of this guide, you will have a working Telnet client and server on Debian, understand how to test connections, and know how to secure access with firewall rules.
Security warning: Telnet transmits data in plain text, including passwords. Never use Telnet for sensitive connections over untrusted networks. For secure remote access, use SSH on Debian instead.
Update Debian Before Telnet Installation
Before installing any packages, first refresh your package index to ensure you install the latest available versions. This step also applies any pending security updates to your system:
sudo apt update && sudo apt upgradeInstall Telnet Client and Server
Debian provides Telnet through its default repositories. The telnet package installs the client for connecting to remote systems, while telnetd installs the server daemon for accepting incoming connections.
Install the Telnet Client Only
If you only need to connect to other systems or test port connectivity, install just the client:
sudo apt install telnetOnce installed, verify the client is available:
telnet --versionOn Debian 13 and 12, you will see output similar to:
telnet (GNU inetutils) 2.x Copyright (C) Free Software Foundation, Inc. ...
However, on Debian 11, the netkit client does not support --version, so you will see:
telnet: invalid option -- '-' Usage: telnet [-468ELadr] [-S tos] [-b addr] [-e char] [-l user] [-n file] ...
Debian 13 and 12 use
inetutils-telnet(GNU inetutils) as the underlying package, while Debian 11 usesnetkit-telnet. Thetelnetpackage acts as a transitional wrapper on newer versions. Both implementations function identically for typical use cases.
Install the Telnet Server
To accept incoming Telnet connections on your Debian system, install the server package alongside the client:
sudo apt install telnet telnetdUnlike standalone services, the Telnet server runs through an internet superserver daemon (inetd). As a result, the inetd service manages Telnet connections on demand rather than running continuously.
Verify the Telnet Service Is Running
After installation, verify that the inetd service started successfully. Note that the service name differs between Debian versions:
Debian 13 (Trixie) and Debian 12 (Bookworm):
systemctl status inetutils-inetdWhen the service is running correctly, you will see output similar to:
● inetutils-inetd.service - Inetutils Inetd
Loaded: loaded (/lib/systemd/system/inetutils-inetd.service; enabled; preset: enabled)
Active: active (running) since Tue 2025-12-17 12:00:00 UTC; 1min ago
Main PID: 1234 (inetd)
Tasks: 1 (limit: 4915)
Memory: 1.2M
CPU: 10ms
CGroup: /system.slice/inetutils-inetd.service
└─1234 /usr/sbin/inetd
Debian 11 (Bullseye):
systemctl status openbsd-inetdThe output should look similar to:
● openbsd-inetd.service - OpenBSD Internet Superserver
Loaded: loaded (/lib/systemd/system/openbsd-inetd.service; enabled; preset: enabled)
Active: active (running) since Tue 2025-12-17 12:00:00 UTC; 1min ago
Main PID: 1234 (inetd)
Tasks: 1 (limit: 4915)
Memory: 1.0M
CGroup: /system.slice/openbsd-inetd.service
└─1234 /usr/sbin/inetd
Should the service show as inactive, you can start and enable it manually:
Debian 13/12:
sudo systemctl enable --now inetutils-inetdDebian 11:
sudo systemctl enable --now openbsd-inetdTest Telnet Connections
With Telnet installed, you can now test connectivity to local and remote services. Telnet is particularly useful for verifying that network services are listening on expected ports.
Test a Local Telnet Connection
First, verify your Telnet server accepts connections locally:
telnet localhost 23Upon successful connection, you will see a login prompt:
Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Debian GNU/Linux 13 hostname login:
From here, enter your system username and password to log in. To disconnect, press Ctrl+] to access the Telnet command prompt, then type quit and press Enter.
Connect to a Remote Server
To connect to a remote system, specify the IP address or hostname followed by the port number. The default Telnet port is 23:
telnet 192.168.1.100 23When a connection fails, verify that the remote server is running a Telnet service, that the firewall allows connections on port 23, and that the IP address is correct.
Test Service Port Connectivity
Beyond remote login, Telnet is widely used to test whether network services are reachable. Simply replace the port number based on the service you want to test:
# Test HTTP web server (port 80)
telnet example.com 80
# Test HTTPS (port 443)
telnet example.com 443
# Test SMTP mail server (port 25)
telnet mail.example.com 25
# Test SSH (port 22)
telnet 192.168.1.100 22When successful, the connection shows Connected to followed by the server address. Conversely, if the port is closed or filtered, you will see Connection refused or the connection will time out.
For example, when testing an HTTP server:
telnet example.com 80Trying 93.184.216.34... Connected to example.com. Escape character is '^]'.
Once connected, you can send an HTTP request manually to verify the web server responds:
GET / HTTP/1.1
Host: example.com
Connection: closeAfter typing the request, press Enter twice. The server then responds with HTTP headers and page content, confirming the web server is operational.
When connected to a remote system via Telnet, you interact with that system’s shell. However, Telnet also provides its own command interface for managing the connection.
Access the Telnet Command Prompt
Press Ctrl+] to access the Telnet command prompt. This returns you to the local Telnet client where you can issue commands without affecting the remote session.
Common Telnet Commands
From the telnet> prompt, the following commands are available:
Display current connection settings:
displayToggle local echo on or off:
toggle localcharsSend a break signal to the remote host:
send brkClose the connection and exit:
quitClose a Telnet Session
There are several options to end a Telnet session:
Method 1: Log out from the remote system using exit or logout at the shell prompt.
Method 2: Press Ctrl+] to access the Telnet prompt, then type quit:
quittelnet> quit Connection closed.
Method 3: Alternatively, press Ctrl+] followed by close to disconnect but remain in the Telnet client for a new connection.
Restrict Telnet Access with UFW Firewall
Because Telnet lacks encryption, you should restrict access to trusted IP addresses rather than opening port 23 to the internet. The Uncomplicated Firewall (UFW) provides a straightforward way to configure these rules on Debian.
Install and Enable UFW
To begin, install UFW if it is not already present:
sudo apt install ufwCritical: If you are connected via SSH, allow SSH access before enabling UFW. Otherwise, you will be locked out of your server.
sudo ufw allow sshNext, enable the firewall:
sudo ufw enableFirewall is active and enabled on system startup
For comprehensive firewall configuration, see our guide on installing and configuring UFW on Debian.
Allow Telnet from Specific IP Addresses
Instead of opening Telnet to all sources, restrict access to trusted IP addresses or subnets:
Allow a single IP address:
sudo ufw allow from 192.168.1.10 to any port 23Allow an entire subnet:
sudo ufw allow from 192.168.1.0/24 to any port 23Verify Firewall Rules
After adding rules, review your firewall configuration to confirm they are correctly applied:
sudo ufw status numberedThe output should show both SSH and Telnet rules:
Status: active
To Action From
-- ------ ----
[ 1] 22/tcp ALLOW IN Anywhere
[ 2] 23 ALLOW IN 192.168.1.10
[ 3] 23 ALLOW IN 192.168.1.0/24
[ 4] 22/tcp (v6) ALLOW IN Anywhere (v6)
Remove a Firewall Rule
When you need to delete a rule, reference its number from the status output. For example, to remove rule 3 (the subnet rule):
sudo ufw delete 3Deleting: allow from 192.168.1.0/24 to any port 23 Proceed with operation (y|n)? y Rule deleted
Troubleshoot Telnet Connection Issues
When Telnet connections fail, work through these common issues to identify the problem.
Connection Refused
A “Connection refused” error indicates the remote system is reachable but no service is listening on that port:
Trying 192.168.1.100... telnet: Unable to connect to remote host: Connection refused
Verify the inetd service is running on the target system. On the server, check whether port 23 is listening:
ss -tlnp | grep :23When Telnet is properly configured, you should see output similar to:
LISTEN 0 50 0.0.0.0:23 0.0.0.0:* users:(("inetd",pid=1234,fd=4))
Should no output appear, the Telnet service is not running. In that case, start the appropriate inetd service for your Debian version (see the verification section above).
Connection Times Out
A timeout suggests a firewall is blocking the connection or the host is unreachable:
Trying 192.168.1.100... telnet: Unable to connect to remote host: Connection timed out
To diagnose this, first confirm basic network connectivity:
ping -c 4 192.168.1.100When ping succeeds but Telnet still fails, check the firewall on the target system. On the server, verify UFW allows Telnet:
sudo ufw status | grep 23Service Fails to Start
When the inetd service fails to start, examine the system logs for details:
Debian 13/12:
journalctl -xeu inetutils-inetdDebian 11:
journalctl -xeu openbsd-inetdCommon causes include missing configuration in /etc/inetd.conf or port conflicts with another service.
Remove Telnet from Debian
To uninstall Telnet and clean up related packages, follow these steps based on your Debian version.
Remove Telnet Packages
Remove the client and server packages:
sudo apt remove telnet telnetdThis command removes the transitional packages but leaves dependencies installed. To clean up orphaned packages that were only installed because of Telnet, run:
sudo apt autoremoveOn Debian 13 and 12, autoremove cleans up packages including inetutils-inetd, inetutils-telnet, inetutils-telnetd, and their dependencies.
On Debian 11, autoremove cleans up openbsd-inetd, the netkit Telnet packages, and related dependencies.
Remove Firewall Rules
Additionally, if you added UFW rules for Telnet, remove them to prevent confusion:
sudo ufw status numberedThen identify the Telnet rules (port 23) and delete them by number:
sudo ufw delete 2Verify Removal
Finally, confirm Telnet is no longer available:
which telnetWhen Telnet is fully removed, this command returns no output.
Conclusion
You now have Telnet installed on Debian for network diagnostics and legacy system access. The key points covered include installing the client and server packages, testing connections, restricting access with UFW firewall rules, and removing the software when no longer needed. For any production remote access needs, switch to SSH, which provides encryption and stronger authentication to protect your systems and data.
