CentOS Open Telnet Service


Server: CentOS-5.1 (192.168.1.87)
Client: FC6 (192.168.1.86), Windows XP (192.168.1.88)

Telnet transmits everything in plaintext, which is a serious security risk, and it has now largely been replaced by SSH. It is still worth understanding for learning purposes, so let's get to the point.

Experiment Name: Telnet Server configuration

First, install the Telnet packages (typically two).

1. telnet-client (or telnet): this package provides the Telnet client program;
2. telnet-server: this is the actual Telnet server package.
Before installing, check whether these packages are already installed, as follows:
# rpm -qa | grep telnet
telnet-server-0.17-38.e15
If a package is not listed, it needs to be installed. A CentOS server installation includes the telnet package by default, but a Telnet server also requires the telnet-server package. (The package can also be downloaded from the network or installed from the disc.)

I installed CentOS from the hard drive, so I mount the hard-disk partition and then mount the image; installing from the disc is similar.

# mount /dev/hda6 /mnt/da    # da is a directory I created under /mnt; the hda6 partition holds the CentOS image
# mount -t iso9660 -o loop /mnt/da/CentOS-5.1-i386-bin-DVD.iso /mnt/iso    # I also created the iso directory
# cd /mnt/iso/CentOS    # this directory contains the rpm packages
# rpm -ivh telnet-server-0.17-38.e15.rpm
The telnet-server package is now installed, so let's check again:
# rpm -qa | grep telnet
telnet-0.17-38.e15
telnet-server-0.17-38.e15

Second, start the Telnet service

1. Enable the service
Method One: Use ntsysv. In the window that appears, select telnet, then press OK.
Method Two: Edit /etc/xinetd.d/telnet
# vi /etc/xinetd.d/telnet
Find disable = yes <== this is the line to change: change yes to no. The service is off by default.
Method Three: Use the chkconfig command to enable it directly
# chkconfig telnet on
2. Activate the service
Telnet runs under xinetd, so restarting xinetd makes it re-read its settings, and the telnet setting made above takes effect as well.
# service xinetd restart
or
# /etc/rc.d/init.d/xinetd restart    # this is the more formal method

Third, test the service

# telnet localhost
If the service is configured correctly, you are prompted to enter the user name and password for the remote machine:
Login:
Password:
Note: By default only ordinary users are allowed to log in, so you can create a normal user for the test. You can also use the following method to solve the root access problem.

Login for Telnet root user

Root cannot connect directly to the host with Telnet. Telnet is not very secure, and by default root is not allowed to log in to the Linux host over Telnet. To allow the root user to log in, the following methods can be used:
# vi /etc/pam.d/login
#auth required pam_securetty.so    # comment out this line
Or
# mv /etc/securetty /etc/securetty.bak
This allows root to log in to the Linux host directly. However, doing so is not recommended. You can instead log in as a normal user and then switch to the root user to obtain root privileges.
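An audit for the settings changed so far, as an added example that is not part of the original article: it reports whether telnet is enabled under xinetd and whether either of the two root-login changes above has been made. The function names, the sample file contents and the `root` parameter (a directory prefix, so the check can run against a copied or mounted filesystem) are assumptions made for illustration.

```python
import os, re, tempfile

# Constructed sample files reflecting the edits described above.
XINETD_TELNET = "service telnet\n{\n    disable = no\n}\n"
PAM_LOGIN_COMMENTED = "#auth required pam_securetty.so\nauth include system-auth\n"
PAM_LOGIN_DEFAULT = ("auth [user_unknown=ignore success=ok ignore=ignore "
                     "default=bad] pam_securetty.so\nauth include system-auth\n")

def telnet_enabled(xinetd_text):
    """True unless the entry carries an uncommented 'disable = yes'."""
    for line in xinetd_text.splitlines():
        m = re.match(r"\s*disable\s*=\s*(\S+)", line)
        if m:
            return m.group(1).lower() != "yes"
    return True

def securetty_active(pam_text):
    """True if an uncommented auth line loads pam_securetty.so."""
    return any(re.match(r"\s*auth\s+.*\bpam_securetty\.so", line)
               for line in pam_text.splitlines())

def audit(root="/"):
    """Return findings for the tree under `root` (use "/" on a live host)."""
    def read(rel):
        path = os.path.join(root, rel)
        return open(path).read() if os.path.isfile(path) else None
    findings = []
    xinetd = read("etc/xinetd.d/telnet")
    if xinetd is not None and telnet_enabled(xinetd):
        findings.append("telnet is enabled under xinetd")
    if not securetty_active(read("etc/pam.d/login") or ""):
        findings.append("pam_securetty is not active in /etc/pam.d/login")
    if read("etc/securetty") is None:
        findings.append("/etc/securetty is missing")
    return findings

def build_tree(files):
    """Write {relative path: content} into a temp dir and return its path."""
    root = tempfile.mkdtemp()
    for rel, content in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(content)
    return root
```

Calling `audit("/")` as root on the server lists the findings for the live system; `build_tree` exists only to try the check on sample files.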

Fourth, client access experiments

Because Linux takes measures to improve the security of Telnet and to prevent unauthorized users from exploiting Telnet bugs, let's look at two types of errors:
The first type:
# telnet 192.168.1.87
Trying 192.168.1.87...
telnet: connect to address 192.168.1.87: No route to host
telnet: Unable to connect to remote host: No route to host

Workaround: The firewall does not allow the Telnet service, so the connection is blocked. By default CentOS only allows SSH, so go to the firewall's custom options and tick Telnet.

The second type:
# telnet 172.25.1.3
Trying 172.25.1.3...
Connected to 172.25.1.3 (172.25.1.3).
Escape character is '^]'.
getnameinfo: localhost: Success
Temporary failure in name resolution: Illegal seek
Connection closed by foreign host.

This one is an /etc/hosts file configuration problem.
Workaround: I added two IP addresses to it; the content is as follows:

$ more /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1    localhost.localdomain localhost
::1    localhost6.localdomain6 localhost6
192.168.1.88
192.168.1.86
Note: The client names are not written in the file here; the entry format should be: 127.0.0.1 pcname

Summary: To use Telnet, remember: 1. Open Telnet in the firewall. 2. Check the /etc/hosts restrictions on clients. 3. Check the contents of the two files /etc/hosts.allow and /etc/hosts.deny, which may restrict access. This is only a LAN test, so I won't say more about them here.
Fifth, Telnet service restrictions

If you are not satisfied with the default settings, you can change them to a more secure mechanism. Suppose your Linux host has two network interfaces, external 192.168.0.1 and internal 212.45.16.5. If you want the restrictions on the internal interface to be relatively loose and the restrictions on the external interface to be stricter, you can set it up like this:
# vi /etc/xinetd.d/telnet
# First, the looser restrictions for the internal interface:
service telnet
{
    disable = no <== enables the Telnet service
    bind = 212.45.16.5 <== only accept packets that come in through this interface
    only_from = 212.45.16.0/24 <== only hosts in the 212.45.16.0/24 segment may use the Telnet service
    .....
}
# Then restrict connections on the external interface:
service telnet
{
    disable = no <== enables the Telnet service
    bind = 192.168.0.1 <== only accept packets that come in through this interface
    only_from = 192.168.0.0/16 <== only hosts in 192.168.0.0 ~ 192.168.255.255 may use the Telnet service
    only_from = .edu.cn <== repeated setting: only the education network may connect
    no_access = 192.168.25.{10,26} <== do not allow these PCs to log in
    access_times = 1:00-9:00 20:00-23:59 <== the service is open only during these two time periods each day
    ......
}
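How the address and time restrictions in the external entry combine for a given client, as an added example that is not part of the original article and is not xinetd's own code. It is a simplified model of the behaviour documented in xinetd.conf(5); the function names and the sample entry are constructed, the `<==` annotations are left out of the sample, and host name patterns such as .edu.cn are not handled.

```python
import ipaddress, re
# Constructed sample modelled on the external-interface entry above.
SAMPLE = """
service telnet
{
    disable      = no
    bind         = 192.168.0.1
    only_from    = 192.168.0.0/16
    no_access    = 192.168.25.{10,26}
    access_times = 1:00-9:00 20:00-23:59
}
"""

def parse_attrs(text):
    """Collect 'name = values' lines of one service entry into a dict of lists."""
    attrs = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)\s*\+?=\s*(.+)", line)
        if m:
            attrs.setdefault(m.group(1), []).extend(m.group(2).split())
    return attrs

def networks(specs):
    """Expand address specs, including the factorized a.b.c.{x,y} form."""
    nets = []
    for spec in specs:
        m = re.fullmatch(r"(.+\.)\{([\d,]+)\}", spec)
        items = [m.group(1) + d for d in m.group(2).split(",")] if m else [spec]
        nets += [ipaddress.ip_network(i, strict=False) for i in items]
    return nets

def best_prefix(ip, nets):
    # Longest prefix length among the networks containing ip, or -1 if none.
    return max((n.prefixlen for n in nets if ip in n), default=-1)

def minutes(hhmm):
    return int(hhmm.split(":")[0]) * 60 + int(hhmm.split(":")[1])

def allowed(attrs, client, hhmm):
    """Location check first (the better match wins), then the time windows."""
    ip = ipaddress.ip_address(client)
    allow = best_prefix(ip, networks(attrs.get("only_from", [])))
    deny = best_prefix(ip, networks(attrs.get("no_access", [])))
    # Assumption: a tie between only_from and no_access is treated as a deny.
    if ("only_from" in attrs and allow < 0) or (deny >= 0 and deny >= allow):
        return False
    now = minutes(hhmm)
    windows = [w.split("-") for w in attrs.get("access_times", [])]
    return not windows or any(minutes(a) <= now <= minutes(b) for a, b in windows)
```

With the sample entry, 192.168.25.10 is refused even though it lies inside 192.168.0.0/16, because the no_access entry is the more specific match.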
