1. sudoapt-getinstallxinetdtelnetd2. after the installation is successful, the system prompts sudovi/etc/inetd. conf and add the following line telnetstreamtcpnowaittelnetd/usr/sbin/tcpd/usr/sbin/in. telnetd3 ....
1. sudo apt-get install xinetd telnetd
2. after the installation is successful, the system will prompt accordingly,
Sudo vi/etc/inetd. conf and add the following line
Telnet stream tcp nowait telnetd/usr/sbin/tcpd/usr/sbin/in. telnetd
3. add the following content to sudo vi/etc/xinetd. conf:
# Simple configuration file for xinetd
#
# Some ULTS ults, and include/etc/xinetd. d/
ULTS
{
# Please note that you need a log_type line to be able to use log_on_success
# And log_on_failure. The default is the following:
# Log_type = SYSLOG daemon info
Instances = 60
Log_type = SYSLOG authpriv
Log_on_success = HOST PID
Log_on_failure = HOST
Cps = 25 30
}
Includedir/etc/xinetd. d
4. add the following content to sudo vi/etc/xinetd. d/telnet:
# Default: on
# Description: The telnet server serves telnet sessions; it uses \
# Unencrypted username/password pairs for authentication.
Service telnet
{
Disable = no
Flags = REUSE
Socket_type = stream
Wait = no
User = root
Server =/usr/sbin/in. telnetd
Log_on_failure + = USERID
}
5. restart the machine or restart the network service sudo/etc/init. d/xinetd restart
6. use the TELNET client to remotely log on to non-root users.
7. log on to mv/etc/securetty. bak as root. You can also:
Modify the/etc/pam. d/login file. Just comment out the following line.
# Auth required lib/security/pam_securetty.so
8. detailed configuration:/etc/xinetd. d/telnet
Service telnet
{
Disable = no
Bind = 192.168.1.2
Only_from = 192.168.1.0/24
# The above two lines show that only intranet segments are provided!
Instance = UNLIMITED
Nice = 0
Flags = REUSE
Socket_type = stream
Wait = no
User = root
# Server =/usr/sbin/telnetd
Server =/usr/sbin/in. telnetd
Server_args =-a none
Log_on_failure + = USERID
}
Service telnet
{
Disable = no
Bind = 140.116.142.196
Only_from = 140.116.0.0/16
No_access = 140.116.32. {10, 26}
# The above three lines set stricter external restrictions on www.2cto.com
Instance = 10
Umask = 022
Nice = 10
Flags = REUSE
Socket_type = stream
Wait = no
User = root
# Server =/usr/sbin/telnetd
Server =/usr/sbin/in. telnetd
Log_on_failure + = USERID
}
9. add the firewall iptables:
To enable telnet for the IP address range 192.168.0.0/24 and IP address 61. xxx, add the following rules:
/Sbin/iptables-a input-p tcp-I eth0-s 192.168.0.0/24 -- dport 23-j ACCEPT
/Sbin/iptables-a input-p tcp-I eth0-s 61. xxx -- dport 23-j ACCEPT
/Sbin/iptables-a input-p tcp-I eth0 -- dport 23-j DROP
10. add a firewall/etc/hosts. allow (deny) mechanism:
The CIDR block 192.168.0.0/24 is enabled, but if you only want ~ Enter 192.168.0.5 and you can set it as follows:
Vi/etc/hosts. allow
In. telnetd: 192.168.0.1, 192.168.0.2, 192.168.0.3, 192.168.0.4, 192.168.0.5: allow
From hanxuedog