Remote connection (Telnet/FTP/rsh/ssh) as root usage and summary

Remote connection (Telnet/FTP/rsh/ssh) as root usage and summary

I. Introduction

Although we all think that telnet, FTP, and rsh are not safe services

In some cases, especially when security is not very important, some services such as FTP,

Because of its long history, it is still of great use in most cases. Many people use these services to log on directly as the root user.

This article briefly introduces the setting method and related problems.

II. Environment

Assume that all the operating environments in this article are RedHat Linux, one is Telnet/FTP/rsh/ssh client, and the IP address is

1array2. 168.0.2, host name is

Client.domain.com; the other is the server, the IP address is 1array2. 168.0.1, and the host name is

Server.domain.com, both of which run RedHat Linux 7.1.

Iii. Usage

1. Use Telnet as root.

A. Run/usr/sbin/ntsysv on server server.domain.com, select the telnet service, and click OK.

B. Run #/sbin/service xinetd restart to start the telnet service.

C. Run # echo "pts/0">/etc/securetty and

# Echo "pts/1">/etc/securetty

......

More remote terminals allow direct logon as root

D. Make sure there are rows similar to the following in/etc/hosts on server.domain.com.

1array2. 168.1.2 client.domain.com Client

If no, run echo "1array2. 168.1.2 client.domain.com client">

/Etc/hosts

At this point, you should be able to remotely Telnet from the client as the root user.

If the server is RedHat 6.x, add a single number, such as, 2, 3... to the end of/etc/securetty, a number

A row of characters, which must start with 0.

Add only numbers, no pts, TTY.

If the server is RedHat 5.x, add ttyp0, ttyp1, ttyp2... wait until/etc/securetty.

Some people often ask why it takes a long time for Telnet/FTP to enter the server? That's because when the server detects a customer

When the remote connection comes in, it knows the customer's IP address, but according to the internal mechanism of the Telnet/FTP service, it needs to reverse check

Check the Domain Name of the IP address. If you have a DNS server and set a reverse domain name, you will soon find it. If not, simply

Add the customer record to/etc/hosts on the server.

2. directly use RSH as the root.

A. Run/Urs/bin/ntsysv on the server and select rexec, rlogin, and RSH.

B. Run #/sbin/service xinetd restart to start the three services.

C. Run # echo "rexec">/etc/securetty; echo "rlogin">

/Etc/securetty; echo "RSH">/etc/securetty

D. Run # echo "1array2. 168.0.2 root">/root/. rhosts on the server

Or # echo "client root">/root/. rhosts and make sure the/etc/hosts on the server contains

Client records

1array2. 168.0.2 client.domain.com Client

At this point, you should be able to directly use the root identity RSH from the client to the server without a password.

Note: you only need to set/etc/securetty for RSH from RedHat 7.x.

3. directly use FTP as root.

This is relatively simple. Just put a comment # In front of the root line in/etc/ftpusers on the server.

In modern network technology, Telnet/rsh/FTP can be replaced by SSH/SCP, or even have

Winscp, graphical SCP tool, in http://winscp.vse.cz/eng/, free windows SSH guest

There are many users, such as limit term and putty.

However, FTP is still useful in some scenarios. Here are two examples:

A. FTP can directly compress a directory on the remote server and send it to the client. For example, the remote server has a sbin directory.

You can use get sbin.tar.gz to directly compress the entire directory and FTP it to form a single compressed file. This party

This method can be used for remote replication.

Linux OS.

B. to remotely copy another Linux OS, you can use the RedHat disc to start the partition preparation interface (select

Automatically or manually partitioned), and then use Alt + F2 to switch to the second terminal, set the nic ip address and the default gateway,

Use fdisk/e2fsck to partition and format the local hard disk. use ftp to remotely obtain all directories of the server except Proc.

You can then copy a server that is the same as a remote server.

4. directly use SSH as root.

The default setting of OpenSSH sshd_config is to allow the user to log on as the root permitrootlogin yes. You can

Change to no to disable this function to enhance security.

In order to directly log on without a password as the root user, it is best to use the RSA key for authentication.