Enable FTP and Telnet services under RedHat, and enable root user logon to telnet

Source: Internet
Author: User

I am learning how to use the libcurl library, and I want to test the FTP and telnet protocols in libcurl. However, for security reasons, the FTP and Telnet services in RedHat 5.3 are disabled by default, so we need to enable them ourselves.

(1) install xinetd

Both FTP and telnet run under the xinetd service. First, check whether xinetd is installed. By default, xinetd is not installed.

# rpm -qa | grep xinetd

The output shows that xinetd is not installed by default, so install it first. The package, xinetd-2.3.14-10.el5.i386.rpm, can be found on the RedHat installation CD.

# rpm -Uvh xinetd-2.3.14-10.el5.i386.rpm
warning: xinetd-2.3.14-10.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing...                ########################################### [100%]
   1:xinetd                 ########################################### [100%]
[root@dhcp_host ~]# rpm -qa | grep xinetd
xinetd-2.3.14-10.el5        // you can see that the installation is successful
[root@dhcp_host ~]# service xinetd status
xinetd is stopped           // use the service command to view the xinetd status, which is stopped
[root@dhcp_host ~]# service xinetd start
Starting xinetd: [  OK  ]   // use the service command to start xinetd

(2) modify the FTP and telnet configuration files

The /etc/xinetd.d directory holds the configuration files of the services that run under xinetd.

# cd /etc/xinetd.d/
# ls

chargen-dgram   daytime-dgram   discard-stream  eklogin       klogin  ktalk          time-dgram
chargen-stream  daytime-stream  echo-dgram      ekrb5-telnet  rsync   time-stream
cvs             discard-dgram   echo-stream     gssftp        kshell  tcpmux-server

Edit the krb5-telnet and gssftp files and change disable = yes to disable = no. The xinetd service must be restarted after the configuration files are modified.

# service xinetd restart
Stopping xinetd: [  OK  ]
Starting xinetd: [  OK  ]

(3) "Unencrypted connection refused. Goodbye."

The /etc/xinetd.d/ directory contains two Telnet files, ekrb5-telnet and krb5-telnet. What is the difference? ekrb5-telnet is the encrypted Telnet service. If it is enabled, telnet is encrypted by default, so logging in produces the error above. You therefore need to turn this service off: set disable = yes in /etc/xinetd.d/ekrb5-telnet, and then restart xinetd.

Before using Kerberos 5 to authenticate and encrypt Telnet sessions, you must first build a Kerberos server.

(4) "530 Must perform authentication before identifying USER" error message

Edit the /etc/xinetd.d/gssftp file, delete -a from server_args, and restart the xinetd service.

service ftp
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/kerberos/sbin/ftpd
#       server_args     = -l -a
        server_args     = -l

        log_on_failure  += USERID
        disable         = no
}

(5) Enable the root user's telnet permission
(1) Find the pam_securetty.so line in /etc/pam.d/login and comment it out with "#"

[root@rhel52 /]# vim /etc/pam.d/login
#%PAM-1.0
#auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    include      system-auth
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open
session    optional     pam_keyinit.so force revoke

(2) List the terminals used by Telnet logins in the /etc/securetty file

[root@rhel52 /]# vim /etc/securetty
console
vc/1
vc/2
vc/3
tty1
tty2
tty3
tty4
tty5
...
pts/0
pts/1
pts/2
pts/3
pts/4

Append "pts/0 ... pts/n". The reference material is wrong on this point: the entries must start from pts/0. If many people need to log on, n has to be correspondingly large; otherwise they will not be able to log on.
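To see what the steps above leave exposed on a host, the following added example (not part of the original post) audits the files changed in steps (2) to (5): the xinetd service files, /etc/pam.d/login and /etc/securetty. The function names and the constructed sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the settings changed in steps (2)-(5) of this walkthrough.
# ROOT is a filesystem prefix; pass "" to check the live system.

# Succeeds if the xinetd file exists and has no active "disable = yes" line
# (xinetd treats a service without a disable attribute as enabled).
xinetd_enabled() {
    [ -f "$1" ] && ! grep -Eiq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes' "$1"
}

# Succeeds if the active (uncommented) server_args line carries flag $2.
has_server_arg() {
    grep -E '^[[:space:]]*server_args[[:space:]]*=' "$1" | grep -Eq -e "(^|[[:space:]=])$2([[:space:]]|\$)"
}

audit_legacy_login() {
    root=$1; d=$root/etc/xinetd.d; n=0
    report() { echo "FINDING: $*"; n=$((n + 1)); }
    if xinetd_enabled "$d/krb5-telnet"; then
        report "krb5-telnet is enabled"
        xinetd_enabled "$d/ekrb5-telnet" ||
            report "ekrb5-telnet is not enabled, so unencrypted telnet sessions are accepted"
    fi
    if xinetd_enabled "$d/gssftp"; then
        report "gssftp is enabled"
        has_server_arg "$d/gssftp" -a || report "gssftp server_args has no -a (step 4)"
    fi
    [ -f "$root/etc/pam.d/login" ] && ! grep -Eq '^[[:space:]]*auth[[:space:]].*pam_securetty\.so' "$root/etc/pam.d/login" &&
        report "pam_securetty.so is not active in /etc/pam.d/login"
    grep -Eq '^pts/[0-9]+$' "$root/etc/securetty" 2>/dev/null &&
        report "/etc/securetty lists pts/N, so root may log in on network terminals"
    echo "findings=$n"
    [ "$n" -eq 0 ]   # exit status 0 only when nothing was found
}

# Constructed sample: the state this walkthrough leaves behind.
make_sample_root() {
    r=$(mktemp -d) && mkdir -p "$r/etc/xinetd.d" "$r/etc/pam.d" || return 1
    printf 'service telnet\n{\n\tdisable = no\n}\n' > "$r/etc/xinetd.d/krb5-telnet"
    printf 'service telnet\n{\n\tdisable = yes\n}\n' > "$r/etc/xinetd.d/ekrb5-telnet"
    printf 'service ftp\n{\n#\tserver_args = -l -a\n\tserver_args = -l\n\tdisable = no\n}\n' > "$r/etc/xinetd.d/gssftp"
    printf '#auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so\nauth include system-auth\n' > "$r/etc/pam.d/login"
    printf 'console\ntty1\npts/0\npts/1\n' > "$r/etc/securetty"
    echo "$r"
}

sample=$(make_sample_root)
audit_legacy_login "$sample" || true
rm -rf "$sample"
```

Run against a test machine after finishing the libcurl experiments, a clean result (findings=0) confirms that the services and the root login changes have been reverted.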

References: http://blog.chinaunix.net/u3/111320/showart_2170267.html
