Telnet + Extranet Login (adsl+ router) (VNC && Telnet && SSH) (consolidated)

Source: Internet
Author: User
Tags ssh iptables java web openssh server ssh secure shell
I want to log on to my Linux today. So you can log on to your Linux when you are in the computer room class. Oh. Using VNC to achieve it. First, the successful login on the LAN is realized. But it makes sense to have an extranet login. Then because the dormitory is using the adsl+ router's Internet access mode. Then through static ip+ port mapping can realize the extranet login. Good. Then down the comprehensive collation of the information below. (2012.05.28).
Now add this blog to the contents of Telnet and ssh telnet. This article presents a total of three remote logins for VNC telnet ssh. The contents of the extranet login remain in VNC 9th. (2012.05.31).

One: VNC remote login Configuration Learning
VNC (Virtual network Computing) is the abbreviation for a fictitious network computer. VNC is an excellent remote control tool software developed by the renowned at&t European Research Laboratory. VNC is a free open source software based on UNIX and Linux operating systems that is powerful and efficient in its ability to match the performance of any remote control software in Windows and Macs.
VNC is basically made up of two parts: a client application (vncviewer) and a server-side application (vncserver). VNC's basic operating principle and some Windows remote control software is very much like. VNC's server-side applications are highly adaptable to UNIX and Linux operating systems, and the graphical user interface is very user-friendly, and looks similar to the software interface under Windows. Computers in any Linux platform with client-installed applications (vncviewer) can be easily interconnected with computers that have server-side applications (Vncserver) installed. In addition, the server-side (Vncserver) also built a Java Web interface, so that users through the server side of the operation of other computers can be displayed through Netscape, such a process and display mode is more intuitive and convenient.

1. Confirm that VNC is installed
By default, the Red Hat Enterprise Linux Installer installs the VNC service on the system.
Confirm that VNC service is installed and view the installed VNC version
[Root@localhost ~]# Rpm-qa | grep VNC
tigervnc-server-1.0.90-0.17.20110314svn4359.el6.i686
libvncserver-0.9.7-4.el6.i686 # # #这里为我自己的情况. It doesn't matter. Just make sure your VNC installation is ready.

2. Start VNC Service
Use the Vncserver command to start the VNC service, the command format is "Vncserver: Desktop Number", where "desktop number" in the form of "digital" means that each user needs to occupy 1 desktop
An example of a desktop with a startup number of 1 is shown below
[Root@localhost ~]# Vncserver:1
You'll require a password to access your desktops.
Password:
Verify:
During the execution of the above command, because it is the first execution, a password is required to be encrypted and stored in the. VNC subdirectory (/ROOT/.VNC/PASSWD) in the user's home directory, and the Xstartup configuration file is automatically established for users in the. VNC subdirectory under the user's home directory ( /root/.vnc/xstartup), the configuration information in the file is read every time the VND service is started.
The btw:/root/.vnc/directory also has a "testdb:1.pid" file that records the process number that corresponds to the acquired operating system after the start of VNC, and the exact location of the process number when the VNC service is stopped.

The relationship between the port number used by the 3.VNC service and the desktop number
The port number used by the VNC service is related to the desktop number, and VNC uses the TCP port starting at 5900, which corresponds to the following
Desktop number is "1"----port number is 5901
Desktop number is "2"----port number is 5902
Desktop number is "3"----port number is 5903
......
The Java-based VNC client Web Services TCP port starts at 5800 and is also related to the desktop number, which corresponds to the following
Desktop number is "1"----port number is 5801
Desktop number is "2"----port number is 5802
Desktop number is "3"----port number is 5803
......
Based on the above introduction, if the Linux firewall features, you need to manually open the appropriate port, to open the desktop number of "1" the corresponding port for example, the following command
[Root@localhost ~]# iptables-i input-p tcp--dport 5901-j ACCEPT
[Root@localhost ~]# iptables-i input-p tcp--dport 5801-j ACCEPT
This only temporarily opens the port. The reboot will not open. How to get the firewall to open this port. After the execution is completed. Perform:
[root@localhost ~]# Service Iptables Save
This allows the IP filtering rules to be stored in the/etc/sysconfig/iptables.

4. Test VNC Service
The first method is to use the VNC viewer software login test, the operation process is as follows # # #这里是我自己的内网ip.
Start VNC viewer software--> Server input "92.168.1.3:5901"--> click "OK"--> password Enter login password--> Click "OK" landing to X-window graphics desktop environment- > Test Success
The second approach is to use a Web browser (such as Firefox,ie,safari) to log in to the test, the following procedure
The Address bar input http://192.168.1.3:5801/--> appears VNC viewer for Java (This tool is the VNC client program written in Java) interface, and also out of the Vnc Viewer dialog box, enter the server 192.168.1.3:5901 "click" OK "--> password Enter login password--> Click" OK "landing to X-window graphics desktop environment--> test success
(Note: VNC Viewer for Java requires JRE support, and if the page cannot be displayed, it means that the JRE is not installed, and you can download the latest JRE to the http://java.sun.com/javase/downloads/index_jdk5.jsp for installation)

5. Configure VNC Graphics desktop environment for KDE or GNOME desktop environment
If you are configured according to my previous method, landing on the desktop is very simple, only a shell to use, this is why. How do you see the lovely and beautiful KDE or GNOME desktop environment? Answer as follows
The reason it's so ugly is because VNC services use the TWM Graphics desktop environment by default, which can be modified in VNC's profile xstartup to look at the configuration file first
[Root@localhost ~]# Vim/root/.vnc/xstartup
Modify the last line of the Xstartup file to "Startkde &" and then restart the Vncserver service to log on to the KDE desktop environment
Modify the last line of the Xstartup file to "Gnome-session &" and then restart the Vncserver service to log on to the GNOME desktop environment
How to restart the Vncserver service:
[Root@localhost ~]# Vncserver-kill:1
[Root@localhost ~]# Vncserver:1

6. Configure multiple Desktops
You can start VNC on multiple desktops using the following methods
Vncserver:1
Vncserver:2
Vncserver:3
......
However, this manual-initiated approach will fail after the server restarts, so here's how to automate the system to manage multiple desktop VNC by adding information that needs to be managed automatically to the/etc/sysconfig/vncservers configuration file. Use desktop 1 for root Desktop 2 as an example for Oracle users as follows:
Format: vncservers= "desktop number: User name Desktop Number: Use username"
[Root@localhost ~]# Vi/etc/sysconfig/vncservers
vncservers= "1:root 2:zz"
vncserverargs[1]= "-geometry 1024x768"
vncserverargs[2]= "-geometry 1024x768"

7. Modify the password for VNC access
Using the command vncpasswd to change the password of VNC for different users, it is important to note that VNC with different users needs to be modified separately from the respective users, for example, in my experiment, root and Oracle users need to be modified separately, and the modification process is as follows:
[Root@localhost ~]# vncpasswd
Password:
Verify:

8. Start and stop VNC service
1 Start VNC Service command
[Root@localhost ~]#/etc/init.d/vncserver start
2) Stop VNC Service command
[Root@localhost ~]#/etc/init.d/vncserver Stop
3 Restart VNC Service command
[Root@localhost ~]#/etc/init.d/vncserver Restart
4) Set up VNC service to load automatically with system startup
The first method: Use the "NTSYSV" command to start the graphical service configuration program, add an asterisk before the Vncserver service, click OK, configuration complete.
The second approach is to use "chkconfig" to operate in command-line mode, using the following commands (for predictive chkconfig detailed usage please help yourself man)
[Root@localhost ~]# chkconfig vncserver on


9. External network Login
Actually, it's quite simple. is to do the port mapping in the router. Allow extranet access to be mapped to its own IP. Port mapping is a commonly called NAT address conversion, its function is to translate the address of the public network into a private address, the use of routing of ADSL broadband routers have a dynamic or fixed public network IP,ADSL directly connected to the hub or switch, all the computer sharing Internet.
Port mapping is a commonly called NAT address conversion, its function is to translate the address of the public network into a private address, the use of routing of ADSL broadband routers have a dynamic or fixed public network IP,ADSL directly connected to the hub or switch, all the computer sharing Internet.

VNC Remote Login Learning is temporarily summed up here. Later can be in the computer room to remote their own computers. Wow, haha.
Now in the engine room to successfully log into their own computer. Open the blog and leave this remark. Oh. (2012.05.30).

Two: Telnet configuration learning
1. Confirm Telnet and telnet-server installation. If wood is installed please install it yourself.

2. Start Telnet Service
* Open Service
Method One: Use Ntsysv, in the window that appears, will telnet to pick up, then press OK.
Method Two: Edit/etc/xinetd.d/telnet
#vi/etc/xinetd.d/telnet
[Root@localhost ~]# Vi/etc/xinetd.d/telnet
Find disable = yes<== is to change here, the yes to No can. The service preset is turned off
* Activate service
Telnet is hung under the xinetd, so naturally as long as the reactivation of the xinetd will be able to reread the settings inside the xinetd, so just set Telnet naturally can be activated.
[root@localhost ~]# Service xinetd restart

3. Testing Services
[root@localhost ~] #telnet IP (or hostname)
If configured correctly, you are prompted to enter the username and password for the remote machine
Login:
Password:
Note: Only normal users are allowed by default

4. Set Telnet port
#vi/etc/services
Look for Telnet after entering edit mode (??? How to find it)
Will find the following:
Telnet 23/tcp
Telnet 23/UDP
Change 23 to unused port number (e.g. 2000), exit VI, restart Telnet service, and the Telnet default port number is modified.

5.Telnet Service Limit
If you are not satisfied with the default values, then you can modify the mechanism to be more secure. Suppose you this Linux is a host, and he has two network interfaces, respectively, external 192.168.0.1 and internal 210.45.160.17 These two, if you want to let the internal interface restrictions are more lax, and the external restrictions are more stringent, you can set this:
#vi/etc/xinetd.d/telnet
# Start with a looser set of internal restrictions:
Service Telnet
{disable = no <== preset is to activate the Telnet service
bind = 210.45.160.17 <== only allowed through the envelope of the adapter card.
Only_from = 210.45.160.0/24 <== only allow the host of this network segment to come online to use Telnet service
.....
}
# and restrict it to external online
Service Telnet
{
Disable = no<== preset is to activate the Telnet service
bind = 192.168.0.1<== only allowed through the enclosure of this adapter card
Only_from = 192.168.0.0/16<== only allow 192.168.0.0 ~ 192.168.255.255 This segment to come online to use Telnet service
Only_from =. edu.cn<== Repeat settings, only the education network can be online.
No_access = 192.168.25. {10,26}<== Don't allow these PCs to log in
Access_times = 1:00-9:00 20:00-23:59 <== Only two hours a day to open the service
......
}

6.Telnet Login for root user
Root cannot connect to the host directly with Telnet. Telnet is not very secure, and by default it is impossible to allow root to Telnet to the Linux host. To allow root users to log in, you can use the following methods
[Root @test/root]# Vi/etc/pam.d/login
#auth Required pam_securetty.so #将这一行加上注释.
Or
# Mv/etc/securetty/etc/securetty.bak
As a result, Root will be able to go directly to the Linux host. However, it is not recommended to do so. You can also switch to root after the average user enters and have root privileges.

Three: SSH configuration learning
SSH is an alternative to telnet, rlogin, and Rsh's traditional remote login program, mainly to solve the problem of password transmission on the Internet. For system security and the user's own rights and interests, the promotion of SSH is necessary. SSH has two incompatible versions of 1.x,2.x. RedHat Linux 9 Sets the default remote administration service to OpenSSH (an SSH replacement). You do not need to reinstall the package.

1. Configure the OpenSSH server
The SSH configuration file is/etc/ssh/ssh_config and is not generally modified.
* Start the server!
#ntsysv => confirm that the hook on the front of the sshd has been hit.
* Manual Start OpenSSH:
#service sshd Start
#service sshd Restart (reboot)
* Stop server:
#service sshd Stop

2. Using the OpenSSH client
Redhat Linux 9 by default, OPENSSH clients are installed, and there are two types of authentication that can be used when connecting clients and servers: password-based authentication and a cryptographic method based on encryption keys. Windows recommends using the SECURECRT or SSH Secure Shell non-commercial version.
* Password-based authentication method
This authentication method requires the user to enter a user name and password. If you do not specify a user name and password, the user name currently on the client computer is used by default.
Example 1: Direct landing
[Root@wljs/] #ssh 210.45.160.17
The login username is the client's current username.
Example 2: Specify User name Login
[Root@wljs/] #ssh wwz@210.45.160.17
OR: [Root@wljs/] #ssh –l wwz 210.45.160.17
The system will prompt you for a username and password when the above procedure is complete.
* Based on the encryption key authentication method
Using the key authentication method, users first need to create a pair of keys for themselves: Public key and private key. (The public key is used on the server to log in)
OpenSSH Public Key Password system has RSA, DSA.
To create a secret key:
Example: [Root@wljs/] #ssh-keygen–t RSA
Enter the password when using the key when entering a carriage. This generates the public key and the private key: placed in the user's home directory under the. SSH directory, filename: id_rsa.pub and id_rsa! must copy the public key to the landing server ~/.ssh/directory, and renamed to: Authorized_keys! Then, You can use the key method to log in.
#ssh [–l username] IP address or host name

Frequently used commands on 3.OpenSSH
* Do not log on remote system use command
#ssh 210.45.160.17 [command] [parameters]
* Transfer of files between the local system and the remote system
#scp a.txt Root@210.45.160.17:/b.txt
#scp Root@210.45.160.17:/b.txt/c.txt
*SFTP command
The SFTP command is similar to the FTP command, which is a small tool for network transfer files provided by OpenSSH, which is more secure and uses similar commands as ftp: There are several main:
* Landing
#ftp 210.45.160.17
Open and close of *FTP session
Opening: Open 210.45.160.27
OFF: Close
* Transmission of files
To get files from an FTP server:
Get A.txt
To place files on FTP
Put A.txt
* Exit FTP
Bye
* Other
Bell: The computer rings once each command completes
Some common commands, such as CDs, LS, can also be used in the FTP server directory.

Telnet and SSH are much simpler than you might think. Oh. (2012.05.31).

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.