Telnet 5250

This chapter contains an example of a basic Fudo Enterprise configuration, to monitor Telnet 5250 connections to a remote server. In this scenario, the user connects to the remote server using Telnet client and logs in using individual login and password. Fudo Enterprise authenticates the user against the information stored in the local database, establishes connection with the remote server and starts recording.

Note

Telnet connections do not support login credentials forwarding and login credentials substitution. When connecting to target host over telnet protocol, users are asked to provide their login credentials twice. First time to authenticate against Fudo Enterprise and then again, to connect to the target host.

Prerequisites

Description below assumes that the system has been already initiated. For more information on the initiation procedure refer to the System Initiation topic.

Configuration

Adding a server

Server is a definition of the IT infrastructure resource, which can be accessed over one of the specified protocols.

1. Select Management > Servers.

2. Click Add and select Static server.

3. Provide essential configuration parameters:

Parameter	Value
General
Name	telnet_server
Description
Blocked
Protocol	Telnet 5250
TLS enabled
Bind address	Any
Permissions
Granted users
Destination
Address	10.0.35.137
Mask	32
Port	23

4. Click Save or Save and close

Adding a user

User defines a subject entitled to connect to servers within monitored IT infrastructure. Detailed object definition (i.e. unique login and domain combination, full name, email address etc.) enables precise accountability of user actions when login and password are substituted with a shared account login credentials.

1. Select Management > Users.

2. Click Add.

3. Provide essential user information:

Parameter	Value
General
Name	john_smith
Role	user
Blocked
Account validity	Indefinite
Settings Tab
Safes
Authentication section
Authentication failures
Enforce password complexity
Add authentication method:	Static password
Password	john
User Data Tab
Fudo domain
AD Domain
LDAP Base
Full name	John Smith
Email	john@smith.com
Organization
Phone
Permissions Tab
Granted users

4. Click Save.

Adding a listener

Listener determines server connection mode (proxy, gateway, transparent, bastion) as well as its specifics.

1. Select Management > Listeners.

2. Click Add.

3. Provide essential configuration parameters:

Parameter	Value
General
Name	telnet_listener
Blocked
Protocol	Telnet 5250
Permissions
Granted users
Connection
Mode	proxy
Local address	10.0.150.151
Port	23
Use TLS
Legacy crypto
Server certificate

4. Click Save.

Adding an account

Account defines the privileged account existing on the monitored server. It specifies the actual login credentials, user authentication mode: anonymous (without user authentication), regular (with login credentials substitution) or forward (with login and password forwarding); password changing policy as well as the password changer itself.

1. Select Management > Accounts.

2. Click Add.

3. Provide essential configuration parameters:

Parameter	Value
General
Name	admin_telnet_server
Blocked
Type	forward
Session recording	all
Notes
Data retention
Override global retention settings
Delete session data after	61 days
Permissions
Granted users
Server
Server	telnet_server
Credentials
Replace secret with	with password
Password
Repeat password
Forward domain

4. Click Save.

Defining a safe

Safe directly regulates user access to monitored servers. It specifies available protocols’ features, policies and other details concerning users and servers relations.

1. Select Management > Safes.

2. Click Add.

3. Provide essential configuration parameters:

Parameter	Value
General
Name	telnet_safe
Blocked
Notifications
Login reason
Require approval
Policies
Note access
Protocol functionality
RDP
SSH
VNC
Permissions
Granted users

4. Select Users tab.

5. Click Add user.

6. Find John and click ..

7. Click OK.

8. Select Accounts tab.

9. Click Add account.

10. Find the admin_telnet_server object and click ..

11. Click OK.

12. Click in the Listeners column.

13. Find the telnet_listener object and click ..

14. Click OK.

15. Click Save.

Establishing a Telnet Connection with the Remote Host

1. Launch telnet client of your choice.

2. Connect to the remote host:

   telnet> open 10.0.150.151
   Trying 10.0.150.151...
   Connected to 10.0.150.151.
   Escape character is '^]'.
   

3. Provide user authentication information defined on Fudo Enterprise:

4. Provide user authentication information defined on the target host:

   FreeBSD/amd64 (fbsd83-cerb.whl) (pts/0) login: password:

Note

Telnet connections do not support user credentials substitution.

Viewing User’s Session

1. Open a web browser and go to the 10.0.150.151 web address.

2. Enter the login and the password to log in to the Fudo Enterprise administration panel.

3. Select Management > Sessions.

4. Find John Smith’s session and click i.

Related topics:

• Quick start - SSH connection configuration

• Quick start - HTTP connection configuration

• Quick start - MySQL connection configuration

• Quick start - RDP connection configuration

• Requirements

• Data model

• Resources