As a sysadmin, you still reach for Telnet when you need a fast, zero-setup way to test whether a TCP port is actually open on a remote host. If you want to install Telnet on Debian 13, the process takes less than five minutes, but Debian 13 (codenamed Trixie) has one important package behavior difference compared to older releases that catches people off guard. This guide covers everything: installing the client, setting up the server, configuring the UFW firewall, verifying the service, and removing Telnet cleanly when you no longer need it.
Before going further, here is the single most important thing to know: Telnet sends all data in plain text, including usernames and passwords. Never use it for remote administration over untrusted networks. Use it for port connectivity testing, legacy system integrations, or isolated lab environments only.
Prerequisites
Before you begin this Linux server tutorial, make sure the following requirements are in place:
- Operating System: Debian 13 (Trixie) with access to the default APT repositories
- User Permissions: A non-root user account with
sudoprivileges - Network Access: An active internet connection to pull packages from
deb.debian.org - Basic Knowledge: Familiarity with running commands in a Linux terminal
- Optional: UFW installed if you plan to configure firewall rules (covered in this guide)
Step 1: Update Your Debian 13 System
Refreshing the package index before any installation is a discipline that prevents version conflicts and broken dependency errors. When APT has stale package data, it can resolve a package to an outdated version or fail to find a dependency that already exists in the updated index.
Run the following command to update the package list and apply any pending upgrades:
sudo apt update && sudo apt upgradeWhat this does:
apt updatesyncs your local package index with the Debian 13 repositoriesapt upgradeinstalls newer versions of already-installed packages
Expected output (partial):
Hit:1 http://deb.debian.org/debian trixie InRelease
Reading package lists... Done
Building dependency tree... Done
Calculating upgrade... DoneIf the upgrade included a new kernel, reboot your system before continuing:
sudo rebootStep 2: Understand the Telnet Package Split on Debian 13
This is the most misunderstood part of the Debian 13 Telnet setup. On Debian 13, both telnet and telnetd are transitional dummy packages, meaning APT maps them to different underlying packages than on Debian 11.
Understanding this split saves you time when reading documentation written for older releases.
| Goal | Package to Install | What APT Actually Installs on Debian 13 |
|---|---|---|
| Client only | telnet |
inetutils-telnet |
| Client and server | telnet telnetd |
inetutils-telnet, inetutils-telnetd, inetutils-inetd, tcpd |
On Debian 11 (Bullseye), the same telnetd package installs openbsd-inetd instead of inetutils-inetd, and Bullseye activates the Telnet listener automatically after install without any manual intervention.
On Debian 13 and 12, the Telnet entry in /etc/inetd.conf ships with a leading space, which prevents inetutils-inetd from recognizing it as an active service. You will fix this in Step 5.
Step 3: Install the Telnet Client on Debian 13
Install the client package when this machine only needs to make outbound Telnet connections or test remote TCP ports. You do not need telnetd for this purpose.
sudo apt install telnetWhat this does: APT resolves telnet to inetutils-telnet on Debian 13, installs the binary, and adds it to your PATH.
Expected output (partial):
Reading package lists... Done
Building dependency tree... Done
The following NEW packages will be installed:
inetutils-telnet telnet
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.Verify the Telnet Client Installation
Confirm the package is installed with the correct version:
apt-cache policy telnetExpected output:
telnet:
Installed: 0.17+2.5
Candidate: 0.17+2.5
Version table:
*** 0.17+2.5 500
500 http://deb.debian.org/debian trixie/main amd64 PackagesNow confirm the binary itself is accessible:
telnet --versionExpected output on Debian 13:
telnet (GNU inetutils) 2.5This version banner confirms you are running the GNU inetutils client that ships on Debian 13. On Debian 11, the older netkit client does not support --version and returns an error instead, which is normal behavior for that release.
You can also verify the binary path:
which telnetExpected output:
/usr/bin/telnetStep 4: Install the Telnet Server on Debian 13
Install the server package only when this Debian 13 machine must accept incoming Telnet sessions from another machine on your network. This is appropriate for isolated lab environments, legacy hardware integration, or internal network testing.
sudo apt install telnet telnetdWhat this does on Debian 13: APT installs the following package chain:
inetutils-telnet— the Telnet client binaryinetutils-telnetd— the actual Telnet server daemon (in.telnetd)inetutils-inetd— the internet superserver that listens on port 23 and spawns Telnet sessions on demandtcpd— TCP wrappers for host-based access control
Expected output (partial):
The following NEW packages will be installed:
inetutils-inetd inetutils-telnet inetutils-telnetd tcpd telnet telnetd
0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.At this point, inetutils-inetd.service is installed but not yet active on Debian 13. Port 23 will not be listening yet. That is expected behavior. The fix is in the next step.
Step 5: Enable the Telnet Service on Debian 13
This step is specific to Debian 13 and Debian 12. It is the most common reason why port 23 does not respond after installing telnetd on current Debian releases.
The root cause: the packaged Telnet entry in /etc/inetd.conf has a single leading space before the word telnet. The inetutils-inetd superserver requires active service entries to start at column 1. With that leading space, it treats the Telnet line as a comment and never opens port 23.
Fix the entry with a single sed command:
sudo sed -i 's/^ telnet/telnet/' /etc/inetd.confWhat this does: The sed substitution finds the pattern ^ telnet (a line starting with a space followed by “telnet”) and replaces it with telnet (no leading space), writing the change in place with the -i flag.
Now restart the inetd service to apply the change:
sudo systemctl restart inetutils-inetd.serviceVerify the inetd.conf Fix
Confirm that the Telnet line now starts at column 1:
grep '^telnet' /etc/inetd.confExpected output:
telnet stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.telnetdIf the line still starts with a space, the sed pattern did not match. You can edit the file directly with:
sudo nano /etc/inetd.confFind the Telnet line and remove the leading space manually, then save and restart the service.
Step 6: Verify the Telnet Service Is Running on Debian 13
With the inetd.conf fix applied, confirm the service is active and that port 23 is actually listening. This is a critical checkpoint before testing any connections.
Check the service status:
systemctl status --no-pager inetutils-inetd.service | sed -n '1,8p'Expected output:
● inetutils-inetd.service - Inetutils Inetd
Loaded: loaded (/usr/lib/systemd/system/inetutils-inetd.service; enabled; preset: enabled)
Active: active (running)The key line is Active: active (running). If it shows inactive (dead), the inetd.conf fix may not have taken effect. Re-run the sed command and restart the service again.
Now confirm port 23 is open and listening:
ss -tlnp | grep ':23'Expected output:
LISTEN 0 ... 0.0.0.0:23 0.0.0.0:* users:(("inetd",pid=XXXX,fd=X))Your Telnet server is running and ready to accept connections on port 23.
How to Test Telnet Connections on Debian 13
With the client installed and the service verified, you can now run three types of connection tests: local loopback, remote host login, and TCP port reachability for other services.
Test a Local Telnet Connection
Test the server you just installed by connecting to localhost:
telnet localhost 23Expected output:
Trying ::1...
Connection failed: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Debian GNU/Linux 13 hostname login:The initial IPv6 refusal followed by a successful IPv4 connection is completely normal when the listener is bound only on IPv4.
To disconnect:
- From inside the session, type
exitorlogout - Or press
Ctrl+]to reach the Telnet prompt, then typequitand press Enter
Connect to a Remote Telnet Server
To connect to another machine running a Telnet service, use its IP address or hostname:
telnet 192.168.1.100 23The default Telnet port is 23, so you can also omit the port number:
telnet 192.168.1.100You will see a login prompt requiring a valid username and password on the remote system.
Common failure scenarios:
Connection refused— Nothing is listening on port 23 on the target machine- Connection timeout — A firewall is dropping packets between your machine and the target
Test TCP Port Reachability for Other Services
This is the most frequent reason sysadmins keep the Telnet client around. You can use it to probe any TCP service, not just Telnet servers:
# Test HTTP on port 80
telnet example.com 80
# Test SMTP on port 25
telnet mail.example.com 25
# Test SSH on port 22
telnet 192.168.1.100 22When a port is open and accepting connections, you see Connected to. When it is closed or filtered, you see Connection refused or a timeout.
HTTP banner grab example:
telnet example.com 80After the TCP connection opens, send a minimal HTTP request:
GET / HTTP/1.1
Host: example.com
Connection: closePress Enter twice. A real web server responds with HTTP headers, confirming the service is reachable and responding correctly.
Step 7: Configure UFW Firewall for Telnet on Debian 13
Because Telnet has zero transport encryption, restricting access to port 23 by source IP is a non-negotiable step when running the server. This is part of a responsible configure Telnet on Debian 13 setup.
Install UFW on Debian 13
Check if UFW is already installed:
sudo ufw statusIf the command is not found, install it:
sudo apt install ufwAllow SSH first before enabling UFW. Skipping this step on a remote server locks you out:
sudo ufw allow ssh
sudo ufw enableExpected output:
Firewall is active and enabled on system startupAllow Telnet from a Trusted IP or Subnet
Never open port 23 to all sources. Restrict it to only the addresses that require access:
Allow a single trusted host:
sudo ufw allow from 192.168.1.10 to any port 23Allow an entire internal subnet:
sudo ufw allow from 192.168.1.0/24 to any port 23Verify and Manage Firewall Rules
Review all active rules to confirm both SSH and Telnet entries are present:
sudo ufw status numberedExpected output:
Status: active
To Action From
-- ------ ----
[ 1] 22/tcp ALLOW IN Anywhere
[ 2] 23 ALLOW IN 192.168.1.10
[ 3] 23 ALLOW IN 192.168.1.0/24
[ 4] 22/tcp (v6) ALLOW IN Anywhere (v6)To delete a Telnet rule, use its rule number from the output above:
sudo ufw delete 3Confirm the deletion:
sudo ufw status numberedTroubleshooting Common Telnet Issues on Debian 13
Most Telnet problems on Debian 13 come from one of three root causes: the inetd.conf leading-space bug, a firewall blocking port 23, or a network path issue.
Fix “Connection Refused” on Debian 13
Error:
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refusedCause: Nothing is listening on port 23. On Debian 13, this almost always means the inetd.conf fix was not applied or the service was not restarted.
Fix:
sudo sed -i 's/^ telnet/telnet/' /etc/inetd.conf
sudo systemctl restart inetutils-inetd.service
ss -tlnp | grep ':23'If port 23 still does not appear in the ss output after the restart, check whether another process is already occupying the port:
sudo ss -tlnp | grep ':23'
sudo lsof -i :23Fix Telnet Connection Timeouts
Cause: Packets are being dropped between the client and the server, usually by a firewall.
Fix — Step 1: Verify basic network reachability:
ping -c 4 192.168.1.100Fix — Step 2: Check whether UFW is blocking port 23 on the server:
sudo ufw status numbered | grep 23Fix — Step 3: Confirm the listener is running on the server side:
ss -tlnp | grep ':23'If the host responds to ping but Telnet times out, the firewall is the issue. Add the appropriate UFW rule as shown in Step 7.
Fix Service Not Starting After Install
If inetutils-inetd.service shows inactive (dead) after install and restart, the inetd.conf file may have a syntax error beyond the leading-space issue.
Check the service logs for detailed error output:
journalctl -xeu inetutils-inetd.serviceThings to look for:
- Configuration syntax errors in
/etc/inetd.conf - Missing
in.telnetdbinary (runwhich in.telnetdto confirm it exists) - Port 23 already in use by another process
- A permission issue on the
tcpdwrapper binary
Fix “telnet: command not found”
Cause: The telnet client package is not installed.
Fix:
sudo apt install telnetThis resolves telnet: command not found immediately on Debian 13, as APT installs inetutils-telnet and puts the binary in /usr/bin/telnet.
Fix Wrong Version Banner on Debian 13
If telnet --version returns an error rather than a version string, you may have a Debian 11 client binary running on a Debian 13 system. Remove and reinstall:
sudo apt remove --autoremove telnet
sudo apt install telnet
telnet --versionHow to Uninstall Telnet from Debian 13
When you no longer need Telnet, remove all associated packages and clean up the firewall rules.
Remove the packages and auto-clean unused dependencies:
sudo apt remove --autoremove telnet telnetdOn Debian 13, APT removes: inetutils-telnet, inetutils-telnetd, inetutils-inetd, and tcpd.
Verify both packages report as uninstalled:
apt-cache policy telnet telnetdExpected output:
telnet:
Installed: (none)
telnetd:
Installed: (none)Confirm the binary is gone from your PATH:
command -v telnet || echo "telnet removed"Then remove any remaining UFW rules for port 23:
sudo ufw status numbered
sudo ufw delete [rule-number]Congratulations! You have successfully installed Telnet. Thanks for using this tutorial to install the latest version of Telnet on Debian 13 “Trixie” system. For additional help or useful information, we recommend you check the official Debian website.
