Telnet and SSH services in Linux

Source: Internet
Author: User
Tags openssh server

To configure the telnet service, follow these steps:

  1. Install the Telnet package (usually two ).

1. telnet-client (or telnet). This package provides the Telnet client program;

2. It is the telnet-server software package. This is the real telnet server software package!

Check whether these software packages are installed before installation. The method is as follows:

[Root @ wljs root] # rpm-Q Telnet

[Root @ wljs root] # rpm-Q telnet-Client

[Root @ wljs root] # rpm-Q telnet-Server

If no software package is detected, install it. By default, the client package is installed in Red Hat Linux9. Generally, you only need to install the telnet-server package:

1. download the software package from my FTP:

In the virtual console, enter:

[Root @ wljs root] # ftp 210.45.160.27

Name: ftp

Password: ftp

Ftp> Cd Linux

Ftp> ls

Ftp> Get telnet-0.17-25.i386.rpm

Ftp> Get telnet-server-0.17-25.i386.rpm

Ftp> bye

2. install the software package

# Rpm-I telnet-0.17-25.i386.rpm

# Rpm-I telnet-server-0.17-25.i386.rpm

  Ii. Start the Telnet Service

1. Start the service

Method 1: Use ntsysv. In the displayed window, select Telnet and press OK!

Method 2: edit/etc/xinetd. d/telnet

# Vi/etc/xinetd. d/telnet

[Root @ test root] # vi/etc/xinetd. d/telnet

If you find disable = Yes <=, you just need to change "yes" to "no! The service is disabled by default.

2. Activate the service

Telnet is stored under xinetd. Therefore, as long as xinetd is re-activated, the settings in Xinetd can be re-read. Therefore, the configured Telnet can be activated.

[Root @ wljs root] # service xinetd restart

  Iii. Test services

[Root @ wljs root] # telnet IP (or hostname)

If the configuration is correct, the system prompts you to enter the user name and password of the remote machine.

Login:

Password:

Note: Only common users are allowed by default.

  4. Set the telnet port

# Vi/etc/services

In edit mode, find telnet (??? How to find)

The following content is found:

Telnet 23/tcp

Telnet 23/udp

Modify 23 to an unused port number (for example, 2000), exit VI, restart the telnet service, and modify the default port number for telnet.

  V. Telnet service restrictions

If you are not satisfied with the original default value, you can change it to a safer mechanism. Assume that Linux is a host and has two network interfaces: 192.168.0.1 and 210.45.160.17. If you want to restrict internal interfaces, the external restrictions are strict. You can set them as follows:

# Vi/etc/xinetd. d/telnet

# First, set the loose internal restrictions:

Service telnet

{Disable = No <= the default is to activate the telnet service.

Bind = 210.45.160.17 <= only packets from this adapter are allowed.

Only_from = 210.45.160.0/24 <= only hosts in the 210.45.160.0/24 CIDR block can come online to use the telnet service.

.....

}

# Restrict external connections

Service telnet

{

Disable = No <= the default is to activate the telnet service.

Bind = 192.168.0.1 <= only packets from this adapter are allowed.

Only_from = 192.168.0.0/16 <= only 192.168.0.0 ~ is allowed ~ 192.168.255.255 This CIDR block comes online using the telnet service.

Only_from = .edu.cn <= repeated settings. Only CERNET can be online!

No_access = 192.168.25. <= do not allow these PCs to log on

Access_times =--<= service is only available for these two periods of time every day.

......

}

  Vi. login from telnet Root User

Root cannot connect to the host directly using telnet. Telnet is not very secure. By default, root cannot be allowed to telnet to the Linux host. To allow the root user to log on, use the following methods:

[Root @ test/root] # vi/etc/PAM. d/login

# Auth required pam_securetty.so # Add comments to this line!

Or

# Mv/etc/securetty. Bak

In this way, the root user can directly access the Linux host. However, we recommend that you do not do this. You can also switch to the root user after entering the common user, with the root permission!

  Secure SSH

SSH is a tool used to replace traditional remote login programs such as telnet, rlogin, and RSH. It mainly aims to solve the problem of plaintext transmission of passwords on the Internet. To ensure system security and users' own rights and interests, it is necessary to promote ssh. SSH has two incompatible versions: 1.xand 2.x! Redhatlinux 9 sets the default Remote Management Service to OpenSSH (an alternative to SSH ). You do not need to reinstall the software package!

  1. Configure the OpenSSH server

1. the SSH configuration file is/etc/ssh/ssh_config. Do not modify it!

2. Start the server!

# Ntsysv => check that the above sshd has been checked!

3. Start OpenSSH manually:

# Service sshd start

# Service sshd restart (restart)

4. Stop the server:

# Service sshd stop

  Ii. Use the OpenSSH Client

By default, OpenSSH client is installed in RedHat Linux 9. When connecting the client and server, you can use two verification methods: Password-based authentication and key-based authentication!

1. Password-based authentication

This authentication method requires the user to enter the user name and password! If the user name and password are not specified, the user name on the client is used by default!

Example 1: Direct Login

[Root @ wljs/] # SSH 210.45.160.17

The login user name is the current user name of the client!

Example 2: Log On with the specified user name

[Root @ wljs/] # SSH wwz@210.45.160.17

Or: [root @ wljs/] # ssh-l wwz 210.45.160.17

After the above process is completed, the system will prompt you to enter the user name and password!

2. Key-based verification

To use the key verification method, you must first create a pair of keys for yourself: public keys and private keys. (The Public Key is used on the server to log on)

OpenSSH public keys include RSA and DSA!

Create a key:

Example: [root @ wljs/] # ssh-keygen-T RSA

Enter the password when you press Enter! In this way, the public key and private key are generated: put in the. Ssh directory of the user's main directory, file name: id_rsa.pub and id_rsa! The public key must be copied to ~ /. Ssh/directory, and renamed it authorized_keys! Then, you can use the key to log on!

# SSH [-l username] IP address or host name

  3. Common commands on OpenSSH

1. Do not log on to the remote system and use commands

# SSH 210.45.160.17 [command] [parameter]

2. File Transfer between local and remote systems

# Scp a. txt root@210.45.160.17:/B .txt

# SCP root@210.45.160.17:/B .txt/c.txt

3. SFTP command

The SFTP command is similar to the FTP command. It is a tool for transferring files over the network provided by OpenSSH. it is safer to use commands similar to FTP:

1. Login

# Ftp 210.45.160.17

2. Enable and disable an FTP session

Open: Open 210.45.160.27

Close: Close

3. file transmission

Obtain the file from the FTP server:

Get a.txt

Put files on FTP

Put a.txt

4. Exit FTP

Bye

5. Others

BELL: after each command is executed, the computer rings once.

Some Common commands such as CD and LS can also be used in the FTP server directory!

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.