If you manage Linux servers long enough, you will eventually run into a situation where you need to quickly test whether a remote port is open or a legacy service is responding. That is exactly where Telnet still earns its place in a sysadmin’s toolkit. In this guide, you will learn how to install Telnet on AlmaLinux 10, configure the server, open the necessary firewall port, adjust SELinux, and verify everything works — from start to finish.
AlmaLinux 10, codenamed “Purple Lion,” ships with a modernized stack including kernel 6.12 and the next-generation DNF5 package manager, which makes the installation process slightly different from older RHEL-family releases. This tutorial targets beginners through intermediate Linux users, sysadmins, and developers who need a clear, no-nonsense walkthrough for getting Telnet running on their system.
What Is Telnet and Why Does It Still Matter?
Telnet (Teletype Network) is one of the oldest application-layer protocols in computing history. It was designed to provide a bidirectional, text-based communication session between two machines over TCP/IP, using port 23 by default.
The most important thing to understand upfront: Telnet transmits all data, including usernames and passwords, in plain text. There is zero encryption. This makes it completely unsuitable for any production environment exposed to the public internet.
So why use it at all? Because it remains one of the fastest and most reliable ways to test TCP port connectivity, debug service banners, and manage older legacy hardware like certain routers or switches that only support Telnet. For isolated lab networks, internal test environments, and quick port-reachability checks, Telnet is still a practical tool that every Linux professional should know how to deploy.
Telnet vs. SSH: Know the Difference
Before going further, it helps to understand where Telnet sits relative to SSH:
| Feature | Telnet | SSH |
|---|---|---|
| Encryption | None (plaintext) | Full (AES, ChaCha20) |
| Default Port | 23 | 22 |
| Authentication | Username/password in plain text | Password or public-key |
| Security Risk | High | Low |
| Best For | Testing, labs, legacy devices | All production remote access |
AlmaLinux 10 ships with OpenSSH 9.9 for all production remote access needs. Use Telnet only where its specific capabilities are required and where the network is fully trusted.
Prerequisites
Before you start the Telnet on AlmaLinux 10 setup, confirm the following are in place:
- AlmaLinux 10 (Purple Lion, kernel 6.12) installed and booted
- Root or sudo access — all commands below require elevated privileges
- Active internet connection — needed to download packages from the AlmaLinux repositories
- DNF5 package manager — this is the default in AlmaLinux 10; all
dnfcommands map to DNF5 automatically - Firewalld installed and running — AlmaLinux 10 uses firewalld as its default dynamic firewall manager
- SELinux in enforcing mode by default — you will need to verify its state during the setup process
- Basic terminal familiarity — you should be comfortable running commands and editing files with
nanoorvi
Step 1: Update Your AlmaLinux 10 System
Updating the system before installing any new software is a best practice that prevents dependency conflicts and ensures your package metadata is current.
Run the System Update
sudo dnf update -yThe -y flag automatically confirms all prompts, so the process runs without stopping to ask for your input. DNF5 will pull the latest package metadata from all enabled repositories and apply any pending updates.
Verify Your Repository List
dnf repolist allThis confirms that your system can reach AlmaLinux’s official repositories. Starting from September 2025, AlmaLinux 10 enables the CRB (CodeReady Builder) repository by default, which expands the range of available packages.
If the kernel was updated during this step, reboot the system before continuing:
sudo rebootA clean reboot ensures the new kernel is loaded before you install additional services.
Step 2: Install the Telnet Client on AlmaLinux 10
The Telnet client is the package that lets your AlmaLinux 10 machine initiate outbound Telnet connections to remote hosts or test TCP ports on other servers. Most users only need the client for diagnostic tasks.
Install the Telnet Client Using DNF5
sudo dnf install telnet -yDNF5 will resolve dependencies, download the RPM package, and install it automatically.
Verify the Telnet Client Installation
Check that the package was installed correctly:
telnet --versionDepending on the build, this may display usage information rather than a version number, which is normal.
You can also confirm the installation through DNF5 directly:
dnf list installed | grep telnetOr use RPM to cross-verify:
rpm -qa | grep telnetIf either of these commands returns a result like telnet-0.17-xx.el10.x86_64, the client is installed and ready.
Step 3: Install the Telnet Server on AlmaLinux 10
The Telnet server package is what allows other machines to connect into your AlmaLinux 10 system over Telnet on port 23. You only need this if you are setting up a host that other clients will connect to.
Install the telnet-server Package
sudo dnf install telnet-server -yInstall xinetd (Optional but Supported)
In traditional RHEL-family configurations, xinetd (Extended Internet Services Daemon) acts as a super-server that listens on behalf of multiple services, including Telnet, and spawns the appropriate handler on demand.
sudo dnf install xinetd -yOn AlmaLinux 10, the preferred modern approach is systemd socket activation using telnet.socket, which replaces xinetd for most use cases. The xinetd method is still available and useful when you need compatibility with older configurations or fine-grained access control via /etc/hosts.allow and /etc/hosts.deny.
Enable the Telnet Service via systemd Socket Activation (Recommended)
Enable and start the Telnet socket using systemd:
sudo systemctl enable --now telnet.socketVerify the socket is running:
sudo systemctl status telnet.socketExpected output should show active (listening), which means systemd is waiting on port 23 for incoming connections. When a client connects, systemd will automatically start the telnetd service to handle that session and hand off the socket, then return to listening.
Enable and Start xinetd (Alternative Method)
If you prefer the xinetd approach:
sudo systemctl enable xinetd
sudo systemctl start xinetdCheck the service status:
sudo systemctl status xinetdBoth methods accomplish the same goal; choose whichever fits your environment.
Step 4: Configure the Telnet Server
If you are using the xinetd method, you need to edit its configuration file to enable Telnet. The systemd socket method does not require this step.
Edit the xinetd Telnet Configuration File
Open the configuration file:
sudo nano /etc/xinetd.d/telnetLook for the line that reads:
disable = yesChange it to:
disable = noThe complete, working configuration block should look like this:
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
}Save the file and exit (Ctrl + X, then Y, then Enter in nano).
Restart the xinetd Service
Apply the new configuration:
sudo systemctl restart xinetdConfirm Telnet Is Listening on Port 23
Verify that the service is actively listening:
ss -tulpn | grep 23You should see an entry showing LISTEN on *:23 or your server’s IP address on port 23. If you do not see this, revisit the service status and configuration file.
Step 5: Configure Firewalld to Allow Telnet Port 23
AlmaLinux 10 uses firewalld as its default firewall manager, and port 23 is blocked by default. Without opening this port, any remote client attempting to connect will receive a Connection refused error before they even reach the Telnet service.
Open Port 23 Using the Telnet Service Name (Recommended)
sudo firewall-cmd --add-service=telnet --zone=public --permanentThe --permanent flag ensures this rule persists after a system reboot.
You can also open the port directly if you prefer explicit control:
sudo firewall-cmd --permanent --add-port=23/tcpReload Firewalld to Apply Changes
sudo firewall-cmd --reloadVerify the Firewall Rule Is Active
sudo firewall-cmd --list-allIn the output, look for telnet under services: or 23/tcp under ports:. Either entry confirms that incoming connections on port 23 are now permitted through the firewall.
Step 6: Configure SELinux for Telnet on AlmaLinux 10
AlmaLinux 10 ships with SELinux userspace version 3.8 and SELinux in enforcing mode by default. Even with the firewall open, SELinux can silently block Telnet connections if the proper policies are not in place — which is a common source of confusion during setup.
Check SELinux Status
sestatusThis shows whether SELinux is Enforcing, Permissive, or Disabled.
Check Telnet-Related SELinux Booleans
getsebool -a | grep telnetReview whether any relevant Telnet booleans are already enabled or disabled.
Add the Telnet Port to SELinux Policy (If Needed)
If SELinux is blocking connections, add the Telnet port to the correct policy type:
sudo semanage port -a -t telnetd_port_t -p tcp 23Enable the relevant boolean if the semanage step alone does not resolve the issue:
sudo setsebool -P allow_telnet_server onNote that systems running selinux-policy version 3.12.1-77 or later may not require the semanage step at all, as the Telnet port context may already be defined.
Step 7: Test the Telnet Connection
With the service running, the firewall open, and SELinux configured, it is time to verify everything works end to end.
Test Locally on the Server
telnet localhost 23If Telnet is working, you will see a login prompt or a banner message from the server. Type your username and press Enter when prompted.
Test Remote Port Connectivity
Use Telnet to check if a specific port on a remote host is reachable:
telnet example.com 80This tests whether port 80 on example.com accepts TCP connections. You will see either a connected message or a Connection refused response. This technique works for testing SMTP (port 25), FTP (port 21), HTTP (port 80), and virtually any other TCP service.
Connect from a Remote Machine
From a second machine on the same network:
telnet <server-ip-address> 23Replace <server-ip-address> with your AlmaLinux 10 server’s actual IP address. A successful connection shows a login prompt. A timeout or refusal means the firewall, SELinux, or the service itself needs further review.
Review Service Logs for Troubleshooting
Check systemd logs for the Telnet socket:
sudo journalctl -u telnet.socketOr for xinetd:
sudo journalctl -u xinetdFor a broad view of recent system errors:
sudo journalctl -xeTroubleshooting Common Telnet Issues on AlmaLinux 10
Even with a careful setup, things can go wrong. Here are the most common problems and how to fix them:
1. Connection refused on port 23
The Telnet service is not running or the firewall is still blocking the port.
Run sudo systemctl status telnet.socket and sudo firewall-cmd --list-all to check both.
2. Connection timed out
The firewall rule was added but not reloaded, or it was applied to the wrong zone.
Run sudo firewall-cmd --reload and confirm the active zone with firewall-cmd --get-active-zones.
3. telnet: command not found
The Telnet client package is not installed on the machine you are connecting from.
Run sudo dnf install telnet -y on the client machine.
4. Port 23 not visible in ss -tulpn
The service is installed but not started, or the disable = yes line in /etc/xinetd.d/telnet was not changed.
Re-check the xinetd config file and run sudo systemctl restart xinetd.
5. SELinux silently blocking connections
You can connect locally but remote connections fail with no firewall-related error.
Run sudo ausearch -c 'telnetd' --raw | audit2allow -M telnetd_local to see what SELinux is blocking, then apply the suggested policy.
Security Best Practices for Using Telnet on AlmaLinux 10
Because Telnet sends all traffic as plaintext, it carries real risk if mishandled. Follow these practices whenever you configure Telnet on AlmaLinux 10 for a Linux server tutorial or lab environment:
- Restrict access to trusted subnets only. Use a firewall rich rule to limit who can reach port 23:
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" service name="telnet" accept' - Use /etc/hosts.allow and /etc/hosts.deny to whitelist specific hosts at the TCP wrapper level. Add
in.telnetd: 192.168.1.0/24tohosts.allowandin.telnetd: ALLtohosts.deny. - Never allow root login over Telnet. Create a dedicated test account with limited permissions for any Telnet sessions.
- Monitor active sessions using
whoorwin real time, and enableauditdto log all login attempts. - Plan your exit strategy. Use SSH for anything that leaves the lab. AlmaLinux 10 ships with OpenSSH 9.9, which handles all production remote access securely and efficiently.
How To Uninstall Telnet from AlmaLinux 10
If you no longer need Telnet, removing it cleanly is straightforward.
Remove the Telnet client:
sudo dnf remove telnet -yRemove the server and xinetd:
sudo dnf remove telnet-server xinetd -yDisable the systemd socket:
sudo systemctl disable telnet.socketRemove the firewall rule and reload:
sudo firewall-cmd --permanent --remove-service=telnet
sudo firewall-cmd --reloadThese steps leave your system in a clean state with no residual Telnet configurations or open ports.
Congratulations! You have successfully installed Telnet. Thanks for using this tutorial for installing the Telnet on your AlmaLinux OS 10 system. For additional or useful information, we recommend you check the official Telnet website.
