1. sudo apt-get install xinetd telnetd
2. After the installation is successful, the system will be prompted accordingly.
sudo vi/etc/inetd.conf and add the following line
Telnet Stream TCP nowait telnetd/usr/sbin/tcpd/usr/sbin/in.telnetd
3. sudo vi/etc/xinetd.conf and add the following:
# Simple configuration file for xinetd
#
# Some defaults, and include/etc/xinetd.d/
Defaults
{
# Please note the need a log_type line to be able to use log_on_success
# and Log_on_failure. The default is the following:
# log_type = SYSLOG Daemon Info
instances = 60
Log_type = SYSLOG Authpriv
log_on_success = HOST PID
Log_on_failure = HOST
CPS = 25 30
}
Includedir/etc/xinetd.d
4. sudo vi/etc/xinetd.d/telnet and add the following:
# Default:on
# description:the Telnet Server serves Telnet sessions; It uses \
# unencrypted Username/password pairs for authentication.
Service Telnet
{
Disable = no
Flags = Reuse
Socket_type = Stream
wait = no
user = root
Server =/usr/sbin/in.telnetd
Log_on_failure + = USERID
}
5. Restart the machine or restart the network service sudo/etc/init.d/xinetd restart
6. Remote login with Telnet Client for non-root user access.
7. Login with Root: Mv/etc/securetty/etc/securetty.bak so root can log in. You can also do this:
Modify/etc/pam.d/login this file. Just comment out the following line.
#auth Required Lib/security/pam_securetty.so
8. Detailed preparation of/etc/xinetd.d/telnet
Service Telnet
{
Disable =no
Bind =192.168.1.2
Only_from=192.168.1.0/24
#上面这两行说明仅提供内部网段!
Instance =unlimited
Nice =0
Flags =reuse
Socket_type=stream
Wait =no
User =root
#server =/usr/sbin/telnetd
Server =/usr/sbin/in.telnetd
Server_args =-a None
Log_on_failure +=userid
}
Service Telnet
{
Disable =no
Bind =140.116.142.196
Only_from=140.116.0.0/16
no_access=140.116.32. {10,26}
#上面三行设置外部较为严格的限制
Instance =10
Umask =022
Nice =10
Flags =reuse
Socket_type=stream
Wait =no
User =root
#server =/usr/sbin/telnetd
Server =/usr/sbin/in.telnetd
Log_on_failure +=userid
}
9. Add Firewall iptables:
If you want to telnet to this network segment and 61.xxx.xxx.xxx this IP, you can add the following lines of rules: 192.168.0.0/24
/sbin/iptables-a input-p tcp-i eth0-s 192.168.0.0/24--dport 23-j ACCEPT
/sbin/iptables-a input-p tcp-i eth0-s 61.xxx.xxx.xxx--dport 23-j ACCEPT
/sbin/iptables-a input-p tcp-i eth0--dport 23-j DROP
10. Add a firewall/etc/hosts.allow (deny) mechanism:
It opens the 192.168.0.0/24, but if you just want to get the 192.168.0.1~192.168.0.5 into it, you can set it up as follows:
Vi/etc/hosts.allow
In.telnetd:192.168.0.1,192.168.0.2,192.168.0.3,192.168.0.4,192.168.0.5:allow
"Go" buntu Telnet Service installation configuration