Enable Telnet on CentOS

Source: Internet
Author: User
Tags centos server root access

Server: CentOS-5.1 (192.168.1.87)
Clients: fc6 (192.168.1.86), Windows XP (192.168.1.88)

Although Telnet transmits everything in plaintext, which is a serious security risk, and has largely been replaced by SSH, it is still worth learning how it is set up.

Lab name: Telnet Server Configuration

I. Install the Telnet packages (usually two)

1. telnet-client (or telnet): this package provides the Telnet client program.
2. telnet-server: this is the actual Telnet server package.
Before installing, check whether these packages are already present:
[root@linuxchao root]# rpm -qa | grep telnet
telnet-server-0.17-38.el5
If a package is not listed, install it. By default a CentOS server installation includes the telnet package, but the server also needs the telnet-server package (the package can also be downloaded from the network and installed).

My CentOS system was installed from an image on the hard disk, so I mount the hard disk partition first and then the image. Installing from CD is similar.

[root@linuxchao root]# mount /dev/hda6 /mnt/da    # da is a directory created under /mnt; hda6 is the partition holding the CentOS image
[root@linuxchao root]# mount -t iso9660 -o loop /mnt/da/CentOS-5.1-i386-bin-DVD.iso /mnt/iso    # the iso directory was also created by me
[root@linuxchao root]# cd /mnt/iso/CentOS    # this directory holds the RPM packages
[root@linuxchao root]# rpm -ivh telnet-server-0.17-38.el5.rpm
The telnet server package is now installed. Check again:
[root@linuxchao root]# rpm -qa | grep telnet
telnet-0.17-38.el5
telnet-server-0.17-38.el5

II. Start the Telnet service

1. Enable the service
Method 1: Use ntsysv. In the window that appears, select telnet and confirm with OK.
Method 2: Edit /etc/xinetd.d/telnet
[root@linuxchao root]# vi /etc/xinetd.d/telnet
Find the line disable = yes and change "yes" to "no". The service is disabled by default.
Method 3: Use the chkconfig command to enable it directly
[root@linuxchao root]# chkconfig telnet on
2. Activate the service
Telnet runs under xinetd, so restarting xinetd makes it re-read its settings, and the telnet service configured above is activated along with it.
[root@linuxchao root]# service xinetd restart
Or: [root@linuxchao root]# /etc/rc.d/init.d/xinetd restart    # this is the more formal method

III. Test the service

[root@linuxchao root]# telnet localhost
If the configuration is correct, the system prompts for the user name and password of the remote machine:
login:
Password:
Note: by default only ordinary (non-root) users are allowed to log in, so create an ordinary user for testing. Root access can be enabled with the methods below.

Telnet root user login

Root cannot log in to the host directly over telnet. Because Telnet is not very secure, root is by default not allowed to telnet to a Linux host. To allow the root user to log in, the following methods are available:
[root@linuxchao root]# vi /etc/pam.d/login
# auth required pam_securetty.so    <= comment out this line
Or
# mv /etc/securetty /etc/securetty.bak
In this way, the root user can log in to the Linux host directly. However, we recommend that you do not do this. Instead, log in as an ordinary user and then switch to root to obtain root privileges.

IV. Client access lab

Linux restricts Telnet access to improve security and to keep unauthorized users from using telnet, which is the reason for the errors below.
Let's take a look at the two errors:
First:
[root@linuxchao ~]# telnet 192.168.1.87
Trying 192.168.1.87...
telnet: connect to address 192.168.1.87: No route to host
telnet: Unable to connect to remote host: No route to host

Solution: In this case, the firewall does not allow the telnet service and the connection is blocked. By default, the CentOS firewall only allows SSH, so open the firewall's custom options and check the box in front of Telnet.

Second:
[root@test xinetd.d]# telnet 172.25.1.3
Trying 172.25.1.3...
Connected to 172.25.1.3 (172.25.1.3).
Escape character is '^]'.
getnameinfo: localhost: Success
Temporary failure in name resolution: Illegal seek
Connection closed by foreign host.

This is caused by the configuration of the /etc/hosts file.
Solution: I added the two client IP addresses to the file. The content is as follows:

[linuxchao@localhost ~]$ more /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1       localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
192.168.1.88
192.168.1.86
Note: The client names are not written because they are hard to remember. The entry format should be: 127.0.0.1 pcname.

Conclusion: when using telnet, remember: 1. lift the firewall's restriction on Telnet; 2. the restrictions /etc/hosts places on the client; 3. the contents of the two files /etc/hosts.allow and /etc/hosts.deny may also restrict access. For this LAN test they are not covered in detail.

V. Telnet service restrictions

If you are not satisfied with the default settings, you can change them to a safer mechanism. Assume that the Linux host has two network interfaces, 192.168.0.1 and 212.45.16.5. They can be set as follows:
# vi /etc/xinetd.d/telnet
# First, set the loose internal restrictions:
service telnet
{
    disable      = no                 <= the default here is to activate the telnet service.
    bind         = 212.45.16.5        <= only packets arriving on this adapter are accepted.
    only_from    = 212.45.16.0/24     <= only hosts in the 212.45.16.0/24 network segment can connect and use the telnet service.
    .....
}
# Restrict external connections
service telnet
{
    disable      = no                 <= the default here is to activate the telnet service.
    bind         = 192.168.0.1        <= only packets arriving on this adapter are accepted.
    only_from    = 192.168.0.0/16     <= only hosts in 192.168.0.0 ~ 192.168.255.255 can connect and use the telnet service.
    only_from    = .edu.cn            <= repeated setting. Only CERNET hosts can connect!
    no_access    = 192.168.25.{}      <= these PCs are not allowed to log in.
    access_times = --                 <= the service is only available during these two periods of time every day.
    ......
}
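The settings changed in "Telnet root user login" and in section V can be checked from the defender's side with a short audit. This is an added example, not code from the original article; the function names and the ROOT prefix argument are assumptions introduced here, while the file paths are the ones the article edits.

```shell
#!/bin/sh
# Added example, not from the original article. ROOT ($1 of the audit
# functions) is a hypothetical prefix: "" audits the live system, any other
# value audits a copy of /etc below that directory.

# Print every value assigned to KEY in the "service telnet" blocks of FILE.
xinetd_values() {  # usage: xinetd_values FILE KEY
    awk -v key="$2" '
        /^[ \t]*#/      { next }                          # skip comment lines
        $1 == "service" { insvc = ($2 == "telnet"); next }
        $1 == "}"       { insvc = 0; next }
        insvc && $1 == key && ($2 == "=" || $2 == "+=") {
            for (i = 3; i <= NF; i++) print $i
        }' "$1" 2>/dev/null
}

# Succeeds when xinetd would offer telnet: a block exists and is not disabled.
telnet_enabled() {  # usage: telnet_enabled FILE
    [ -f "$1" ] || return 1
    grep -Eq '^[[:space:]]*service[[:space:]]+telnet' "$1" || return 1
    [ "$(xinetd_values "$1" disable | tail -n 1)" != "yes" ]
}

# Succeeds when root may log in over telnet: pam_securetty is no longer an
# active line in pam.d/login, or /etc/securetty has been moved away.
root_telnet_allowed() {  # usage: root_telnet_allowed ROOT
    grep -Eq '^[[:space:]]*auth[[:space:]].*pam_securetty\.so' \
        "$1/etc/pam.d/login" 2>/dev/null || return 0
    [ ! -e "$1/etc/securetty" ]
}

# Print one line per finding; prints nothing when telnet is not offered.
audit_telnet() {  # usage: audit_telnet ROOT
    conf="$1/etc/xinetd.d/telnet"
    telnet_enabled "$conf" || return 0
    echo "telnet: enabled in xinetd (cleartext logins)"
    [ -n "$(xinetd_values "$conf" only_from)" ] ||
        echo "telnet: no only_from restriction"
    [ -n "$(xinetd_values "$conf" bind)" ] ||
        echo "telnet: not bound to a single interface"
    if root_telnet_allowed "$1"; then echo "telnet: root login permitted"; fi
    return 0
}
```

Run `audit_telnet ""` as root on the host itself; empty output means xinetd is not offering telnet.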
