From ArchWiki

From Wikipedia:

Telnet (short for "teletype network") is a client/server application protocol that provides access to virtual terminals of remote systems on local area networks or the Internet.

Today, telnet is rarely used due to security concerns and is often only used for legacy software and hardware, for information on how to mitigate the security issues see #Security concerns.


Install the inetutils package which includes a telnet client, a telnet server with systemd service and sockets.

To configure a telnet server with xinetd, install xinetdAUR as well.


To enable telnet server connections in systemd, enable telnet.socket (if the telnet server should be started on every boot), and start telnet.socket to test connectivity.

To enable telnet server connections in xinetd, edit /etc/xinetd.d/telnet, change disable = yes to disable = no and restart the xinetd service.

Enable systemd xinetd service if you wish to start it at boot time.

Testing the setup

Try opening a telnet connection to your server:

$ telnet localhost

Try a root login to see if your configuration permits it and the security implications that implies.

If the session disconnects before you receive a login prompt, try installing inetutils-gitAUR in place of the current inetutils and restarting telnet.socket.

Tip: If you receive junk codes from a remote telnet server sending non-ascii chars with a non-unicode encoding, you might want to try luit to solve this problem.

Tips and tricks

Security concerns

Telnet is a plain text protocol which does not support TLS encryption. Data can be easily intercepted and modified therefore should not be used on production servers, or to transmit sensitive data.

There are attempts to mitigate said security concerns, see #Netkit and #Tunneling for mitigations.


You can use netkit-telnet-sslAUR which modifies the protocol to support TLS encryption.


You can use a VPN or SSH to create an encrypted tunnel for the telnet traffic between two devices, or networks.

Note: The telnet traffic will only be encrypted while it is within the encrypted tunnel, ensure the network or device it is tunneled to is secure.