To configure the telnet service, follow these steps:
I. Install the Telnet packages (usually two).
1. telnet-client (or telnet). This package provides the Telnet client program.
2. telnet-server. This is the package that provides the actual Telnet server.
Check whether these software packages are installed before installation. The method is as follows:
[root@wljs root]# rpm -q telnet
[root@wljs root]# rpm -q telnet-client
[root@wljs root]# rpm -q telnet-server
If a package is not found, install it. By default, the client package is already installed in Red Hat Linux 9, so generally you only need to install the telnet-server package:
1. Download the software packages from my FTP server:
In the virtual console, enter:
[root@wljs root]# ftp 210.45.160.27
Name: ftp
Password: ftp
ftp> cd Linux
ftp> ls
ftp> get telnet-0.17-25.i386.rpm
ftp> get telnet-server-0.17-25.i386.rpm
ftp> bye
2. Install the software packages:
# rpm -i telnet-0.17-25.i386.rpm
# rpm -i telnet-server-0.17-25.i386.rpm
II. Start the Telnet service
1. Enable the service
Method 1: use ntsysv. In the window that appears, select telnet and press OK.
Method 2: edit /etc/xinetd.d/telnet
[root@test root]# vi /etc/xinetd.d/telnet
If you find "disable = yes", change "yes" to "no". The service is disabled by default.
2. Activate the service
Telnet runs under xinetd, so restarting xinetd makes it re-read its settings, which activates the Telnet configuration.
[root@wljs root]# service xinetd restart
III. Test the service
[root@wljs root]# telnet IP (or hostname)
If the configuration is correct, the system prompts you to enter the user name and password of the remote machine.
Login:
Password:
Note: By default, only ordinary users are allowed to log in.
IV. Set the telnet port
# vi /etc/services
In the editor, find the telnet entries (how do you search for them?)
The following content is found:
telnet 23/tcp
telnet 23/udp
Change 23 to an unused port number (for example, 2000), exit vi, and restart the telnet service. This changes the default telnet port.
V. Telnet service restrictions
If you are not satisfied with the default settings, you can change to a safer configuration. Assume the Linux host has two network interfaces, 192.168.0.1 and 210.45.160.17, and that you want looser restrictions on the internal interface and stricter restrictions on the external one. You can set them as follows:
# vi /etc/xinetd.d/telnet
# First, set the loose internal restrictions:
service telnet
{
    disable = no <= the telnet service is activated.
    bind = 210.45.160.17 <= only packets arriving on this adapter are accepted.
    only_from = 210.45.160.0/24 <= only hosts in the 210.45.160.0/24 CIDR block can connect to the telnet service.
    .....
}
# Then restrict external connections:
service telnet
{
    disable = no <= the telnet service is activated.
    bind = 192.168.0.1 <= only packets arriving on this adapter are accepted.
    only_from = 192.168.0.0/16 <= only hosts in 192.168.0.0 ~ 192.168.255.255 can connect to the telnet service.
    only_from = .edu.cn <= repeated setting. Only CERNET hosts can connect!
    no_access = 192.168.25. <= do not allow these PCs to log on.
    access_times =-- <= the service is available only during these two periods each day.
    ......
}
VI. Logging in as root over telnet
By default, root cannot log in to the Linux host directly over telnet, because Telnet is not very secure. To allow the root user to log on, use one of the following methods:
[root@test /root]# vi /etc/pam.d/login
#auth required pam_securetty.so   # Comment out this line!
Or
# mv /etc/securetty /etc/securetty.bak
In this way, the root user can log in to the Linux host directly. However, we recommend that you do not do this. Instead, log in as an ordinary user and then switch to the root user to obtain root permission.
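A read-only check of the settings changed in sections II, V and VI, as an added example that is not part of the original tutorial: audit_xinetd reports whether a service definition is enabled and whether it lacks bind or only_from, and securetty_active tells whether pam_securetty still blocks direct root logins. The function names and the sample definitions are constructed for illustration; on a real host, feed the functions /etc/xinetd.d/telnet and /etc/pam.d/login on standard input.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Both functions read stdin.

# Report how exposed one xinetd service definition is. Anything other than
# "disable = yes" is treated as enabled (an assumption of this example).
audit_xinetd() {
    awk '
        /^[ \t]*#/ { next }                       # comment line
        /^[ \t]*service[ \t]/ { svc = $2; next }  # "service telnet"
        /=/ {                                     # key = value, also += and -=
            key = $0; sub(/[-+]?=.*/, "", key); gsub(/[ \t{]/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            attr[tolower(key)] = tolower(val)
        }
        END {
            if (attr["disable"] == "yes") {
                print svc ": disabled"
            } else {
                print svc ": ENABLED, credentials cross the network in cleartext"
                if (!("only_from" in attr)) print svc ": no only_from, any source may connect"
                if (!("bind" in attr)) print svc ": no bind, listens on every interface"
            }
        }'
}

# Exit 0 while an uncommented pam_securetty line still blocks direct root logins.
securetty_active() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+[^#]*pam_securetty\.so'
}

# Constructed samples: the file after step II only, and one with section V limits.
sample_open() {
    printf '%s\n' 'service telnet' '{' '    disable = no' '    flags = REUSE' \
        '    socket_type = stream' '    server = /usr/sbin/in.telnetd' '}'
}
sample_limited() {
    printf '%s\n' 'service telnet' '{' '    disable = no' \
        '    bind = 192.168.0.1' '    only_from = 192.168.0.0/16' '}'
}

sample_open | audit_xinetd
sample_limited | audit_xinetd
```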
Secure SSH
SSH is a tool used to replace traditional remote login programs such as telnet, rlogin, and rsh. Its main purpose is to solve the problem of passwords being transmitted in plaintext over the Internet. To ensure system security and protect users' own rights and interests, it is necessary to promote SSH. SSH has two incompatible versions: 1.x and 2.x! Red Hat Linux 9 sets the default remote management service to OpenSSH (an alternative to SSH). You do not need to install the software package again!
I. Configure the OpenSSH server
1. The SSH configuration file is /etc/ssh/ssh_config. Do not modify it!
2. Start the server!
# ntsysv   => make sure that sshd is checked!
3. Start OpenSSH manually:
# service sshd start
# service sshd restart (restart)
4. Stop the server:
# service sshd stop
II. Use the OpenSSH client
By default, the OpenSSH client is installed in Red Hat Linux 9. When the client connects to the server, two authentication methods are available: password-based authentication and key-based authentication!
1. Password-based authentication
This authentication method requires the user to enter the user name and password! If the user name and password are not specified, the user name on the client is used by default!
Example 1: Direct Login
[root@wljs /]# ssh 210.45.160.17
The login user name is the current user name of the client!
Example 2: Log On with the specified user name
[root@wljs /]# ssh wwz@210.45.160.17
Or: [root@wljs /]# ssh -l wwz 210.45.160.17
After the above process is completed, the system will prompt you to enter the user name and password!
2. Key-based verification
To use key-based verification, you must first create a pair of keys for yourself: a public key and a private key. (The public key is used on the server for logging on.)
OpenSSH public keys include RSA and DSA!
Create a key:
Example: [root@wljs /]# ssh-keygen -t rsa
Enter the passphrase when prompted and press Enter! This generates the public key and the private key, which are placed in the .ssh directory under the user's home directory with the file names id_rsa.pub and id_rsa! The public key must be copied to the ~/.ssh/ directory on the server and renamed authorized_keys! Then you can use the key to log on!
# ssh [-l username] IP address or host name
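The copy-and-rename step above replaces any keys already in authorized_keys, and sshd's StrictModes check (on by default) ignores the file when it or ~/.ssh is writable by other users. The following added example, which is not part of the original tutorial, appends the key and sets the permissions; install_pubkey, mode_of, the temporary directory and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example: append a public key to authorized_keys instead of overwriting
# it, with the modes sshd's StrictModes check accepts.
# Usage: install_pubkey PUBKEY_FILE HOME_DIR   (run on the server)
install_pubkey() {
    pub=$1; home=$2; auth="$home/.ssh/authorized_keys"
    # Never publish the private half (id_rsa) by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub is a private key" >&2; return 1
    fi
    # Take the first well-formed RSA or DSA public key line.
    key=$(grep -E '^(ssh-rsa|ssh-dss) [A-Za-z0-9+/]+=*( |$)' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "refusing: no public key in $pub" >&2; return 1; }
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Idempotent: add the key only if this exact line is not already there.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# First ten characters of "ls -ld", e.g. drwx------ (portable stand-in for stat).
mode_of() { ls -ld "$1" | cut -c1-10; }

# Demo on a throwaway directory; the key below is a constructed sample, not a real key.
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructedSampleKeyNotReal wwz@client'
demo=$(mktemp -d)
printf '%s\n' "$SAMPLE_KEY" > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/home"
install_pubkey "$demo/id_rsa.pub" "$demo/home"      # second run adds nothing
echo "entries: $(grep -c '' "$demo/home/.ssh/authorized_keys")"
echo "modes:   $(mode_of "$demo/home/.ssh") $(mode_of "$demo/home/.ssh/authorized_keys")"
rm -rf "$demo"
```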
III. Common OpenSSH commands
1. Run a command on the remote system without logging on
# ssh 210.45.160.17 [command] [parameter]
2. File transfer between local and remote systems
# scp a.txt root@210.45.160.17:/B.txt
# scp root@210.45.160.17:/B.txt /c.txt
3. SFTP command
The sftp command is similar to the ftp command. It is a tool provided by OpenSSH for transferring files over the network; it is more secure, and its commands are similar to those of FTP:
1. Login
# ftp 210.45.160.17
2. Open and close an FTP session
Open: open 210.45.160.27
Close: close
3. File transfer
Get a file from the FTP server:
get a.txt
Put a file on the FTP server:
put a.txt
4. Exit FTP
bye
5. Others
bell: after each command is executed, the computer rings once.
Some common commands such as cd and ls can also be used in the FTP server directory!