Telnet 5250¶
This chapter contains an example of a basic Fudo Enterprise configuration, to monitor Telnet 5250 connections to a remote server. In this scenario, the user connects to the remote server using Telnet client and logs in using individual login and password. Fudo Enterprise authenticates the user against the information stored in the local database, establishes connection with the remote server and starts recording.
Note
Telnet connections do not support login credentials forwarding and login credentials substitution. When connecting to target host over telnet protocol, users are asked to provide their login credentials twice. First time to authenticate against Fudo Enterprise and then again, to connect to the target host.
Prerequisites¶
Description below assumes that the system has been already initiated. For more information on the initiation procedure refer to the System initiation topic.
Configuration¶
Adding a server
is a definition of the IT infrastructure resource, which can be accessed over one of the specified protocols.
- Select > .
- Click and select Static server.
- Provide essential configuration parameters:
| Parameter | Value |
|---|---|
| General | |
| Name | telnet_server |
| Description |  |
| Blocked | |
| Protocol | Telnet 5250 |
| TLS enabled | |
| Bind address | Any |
| Permissions | |
| Granted users | |
| Destination | |
| Address | 10.0.35.137 |
| Mask | 32 |
| Port | 23 |
- Click or
Adding a user
User defines a subject entitled to connect to servers within monitored IT infrastructure. Detailed object definition (i.e. unique login and domain combination, full name, email address etc.) enables precise accountability of user actions when login and password are substituted with a shared account login credentials.
- Select > .
- Click .
- Provide essential user information:
| Parameter | Value |
|---|---|
| General | |
| Name | john_smith |
| Role | user |
| Blocked | |
| Account validity | Indefinite |
| Settings Tab | |
| Safes | |
| Authentication section | |
| Authentication failures | |
| Enforce password complexity | |
| Add authentication method: | Static password |
| Password | john |
| User Data Tab | |
| Fudo domain | |
| AD Domain | |
| LDAP Base | |
| Full name | John Smith |
john@smith.com |
|
| Organization | |
| Phone | |
| Permissions Tab | |
| Granted users | |
- Click .
Adding a listener
determines server connection mode (proxy, gateway, transparent, bastion) as well as its specifics.
- Select > .
- Click .
- Provide essential configuration parameters:
| Parameter | Value |
|---|---|
| General | |
| Name | telnet_listener |
| Blocked | |
| Protocol | Telnet 5250 |
| Permissions | |
| Granted users | |
| Connection | |
| Mode | proxy |
| Local address | 10.0.150.151 |
| Port | 23 |
| Use TLS | |
| Legacy crypto | |
| Server certificate | |
- Click .
Adding an account
defines the privileged account existing on the monitored server. It specifies the actual login credentials, user authentication mode: anonymous (without user authentication), regular (with login credentials substitution) or forward (with login and password forwarding); password changing policy as well as the password changer itself.
- Select > .
- Click .
- Provide essential configuration parameters:
| Parameter | Value |
|---|---|
| General | |
| Name | admin_telnet_server |
| Blocked | |
| Type | forward |
| Session recording | all |
| Notes | |
| Data retention | |
| Override global retention settings | |
| Delete session data after | 61 days |
| Permissions | |
| Granted users | |
| Server | |
| Server | telnet_server |
| Credentials | |
| Replace secret with | with password |
| Password | |
| Repeat password | |
| Forward domain | |
- Click .
Defining a safe
directly regulates user access to monitored servers. It specifies available protocols’ features, policies and other details concerning users and servers relations.
- Select > .
- Click .
- Provide essential configuration parameters:
| Parameter | Value |
|---|---|
| General | |
| Name | telnet_safe |
| Blocked | |
| Notifications | |
| Login reason | |
| Require approval | |
| Policies | |
| Note access | |
| Protocol functionality | |
| RDP | |
| SSH | |
| VNC | |
| Permissions | |
| Granted users | |
- Select Users tab.
- Click .
- Find John and click ..
- Click .
- Select Accounts tab.
- Click .
- Find the
admin_telnet_serverobject and click .. - Click .
- Click in the Listeners column.
- Find the
telnet_listenerobject and click .. - Click .
- Click .
Establishing a telnet connection with the remote host¶
Launch telnet client of your choice.
Connect to the remote host:
telnet> open 10.0.150.151 Trying 10.0.150.151... Connected to 10.0.150.151. Escape character is '^]'.
Provide user authentication information defined on Fudo Enterprise:
Provide user authentication information defined on the target host:
FreeBSD/amd64 (fbsd83-cerb.whl) (pts/0) login: password:
Note
Telnet connections do not support user credentials substitution.
Viewing user’s session¶
- Open a web browser and go to the
10.0.150.151web address. - Enter the login and the password to log in to the Fudo Enterprise administration panel.
- Select > .
- Find John Smith’s session and click i.
Related topics: