Configure the TELNET service in linux (red hat 5.5)

1. Install the Telnet package (usually two)

1. telnet-client (or telnet). This package provides the Telnet client program;
2. telnet-server software package. This is the real telnet server software package!
Check whether these software packages are installed before installation. The method is as follows:
[Root @ wljs root] # rpm-Q Telnet
[Root @ wljs root] # rpm-Q telnet-Client
[Root @ wljs root] # rpm-Q telnet-server or rpm-Qa | grep Telnet
If no software package is detected, install it. By default, the client software package has been installed in Red Hat Linux 9. Generally, you only need to install the telnet-server software package: (Installation Package)
You can also download and install the SDK on the network)

Because the telnet service depends on the xinetd service, you must first confirm that the xinetd package is installed.

3. install the software package

CD/Media/CD name/Server

Ls | grep Telnet

# Rpm-I telnet-0.17-25.i386.rpm
# Rpm-I telnet-server-0.17-25.i386.rpm

Ii. Start the Telnet Service

1. Start the service
Method 1: Use ntsysv. In the displayed window, select Telnet and press OK!
Method 2: edit/etc/xinetd. d/telnet
# Vi/etc/xinetd. d/telnet
[Root @ test root] # vi/etc/xinetd. d/telnet
If you find disable = Yes <=, you just need to change "yes" to "no! The service is disabled by default.

2On the page, click system-Manage-server settings-service to enter service settings. Select Telnet and TFTP in on-demand services.
　　3Activate the service
Telnet is stored under xinetd. Therefore, as long as xinetd is re-activated, the settings in Xinetd can be re-read. Therefore, the configured telnet is natural.
It can also be activated.
[Root @ wljs root] # service xinetd restart

3. Set the telnet port

# Vi/etc/services
In edit mode, find telnet (??? How to find)
The following content is found:
Telnet 23/tcp
Telnet 23/udp
Modify 23 to an unused port number (for example, 2000), exit VI, restart the telnet service, and modify the default port number for telnet.

4. Telnet Root User Login

Root cannot connect to the host directly using telnet. Telnet is not very secure. By default, root cannot be allowed to telnet to the Linux host. To allow
You can use the following methods to log on as a root user:
[Root @ test/root] # vi/etc/PAM. d/login
# Auth required pam_securetty.so # Add comments to this line!

Or
# Mv/etc/securetty. Bak
In this way, the root user can directly access the Linux host. However, we recommend that you do not do this. You can also switch to the root user after entering the common user, with the root permission
Limited!

V. Telnet service restrictions

If you are not satisfied with the original default value, you can change it to a safer mechanism. Assume that Linux is a host and has two Network Ports: 192.168.0.1 and 210.45.160.17. If you want to restrict internal interfaces, the external restrictions are strict. You can set them as follows:
# Vi/etc/xinetd. d/telnet
# First, set the loose internal restrictions:
Service telnet
{Disable = no <= the default is to activate the telnet service.
Bind = 210.45.160.17 <= only packets from this adapter are allowed.
Only_from = 210.45.160.0/24 <= only hosts in the 210.45.160.0/24 CIDR block can come online to use the telnet service.
.....
}
# Restrict external connections
Service telnet

{
Disable = no <= the default is to activate the telnet service.
Bind = 192.168.0.1 <= only packets from this adapter are allowed.
Only_from = 192.168.0.0/16 <= only 192.168.0.0 ~ is allowed ~ 192.168.255.255 This CIDR block comes online using the telnet service.
Only_from = .edu.cn <= repeated settings. Only CERNET can be online!
No_access = 192.168.25. {} <= do not allow these PCs to log on
Access_times =--<= service is only available for these two periods of time every day.
......
}