One: Introduction
Although it is now believed that Telnet/ftp/rsh as an unsafe service has not been used, but in some cases within the local area network is still widely used, especially security is not very important occasions, some services such as FTP, because of the long history, most of the occasions still useful. Many people encounter problems when using these services to log on as root directly, this article simply introduces the setup method and related issues.
II: Environment
Suppose that all the operating environment of this article is Redhat Linux, one for telnet/ftp/rsh/ssh customers, IP is 192.168.0.2, host name is client.domain.com, and the other is server, IP is 192.168.0.1, host name is server.domain.com, both run Redhat Linux 7.1.
Three: Usage
1. direct Telnet as root.
A. After running/USR/SBIN/NTSYSV on the server server.domain.com, select the Telnet service and click OK.
B. Run #/sbin/service xinetd restart start Telnet service
C. Run #e cho "pts/0" >>/etc/securetty and
#e cho "PTS/1" >>/etc/securetty
......
More remote terminals allow direct login as root
D. Ensure that there are rows similar to the following in the/etc/hosts on the server.domain.com.
192.168.1.2 client.domain.com Client
If not, the echo "192.168.1.2 client.domain.com Client" >>/etc/hosts is run on the server
At this point you should be able to remotely telnet from the client directly as root.
If the server is Redhat 6.x, add a single digit such as 0,1,2,3 ... to/etc/securetty, a number line must start with 0.
Just add numbers to yourself, no pts,tty.
If the server is Redhat 5.x, then add Ttyp0, TTYP1,TTYP2 ... Wait until/etc/securetty.
People often ask, why telnet/ftp to the server to wait a long time? That's because when the server detects a client remote connection coming in, it knows the customer's IP, but according to the TELNET/FTP service internal mechanism, it needs to reverse check the IP domain name, if you have a DNS server and set the reverse domain name, then quickly find, if not, then simply in the server's/etc/ It is OK to include the customer record in the hosts.
2. Direct rsh as root.
A. Run/URS/BIN/NTSYSV on the server select Rexec, Rlogin, rsh three services.
B. Run #/sbin/service xinetd Restart to start the three services.
C. Run #e cho "rexec" >>/etc/securetty;echo "Rlogin" >>
/etc/securetty;echo "Rsh" >>/etc/securetty
D. Run #e cho "192.168.0.2 root" >>/root/.rhosts or #e cho "client root" >>/root/.rhosts on the server and ensure/etc/host on the server S has a client record 192.168.0.2 client.domain.com client so you should be able to rsh to the server from the client directly as root without the need for a password.
Note: Only Redhat 7.x is required to set/etc/securetty for Rsh.
3. Direct FTP as root.
The simple thing is to put a comment # in front of the root line in the/etc/ftpusers on the server. In modern network technology, TELNET/RSH/FTP can be replaced by SSH/SCP, even have a winscp, graphical SCP tools, free windows SSH customers have many, such as Tera term, putty and so on. However, FTP still has its usefulness on some occasions. Here are two kinds of examples:
A. FTP can be directly to the remote server on a directory compressed to the client, such as the remote server has a sbin directory, you can use get sbin.tar.gz directly to the entire directory compressed FTP down to become a single compressed file. This approach can be well used in remotely replicating the entire Linux OS.
B. In order to remotely replicate another Linux OS, you can boot to a partition-ready interface with the Redhat CD (choose an interface that is automatically or manually partitioned), then switch to the second terminal with ALT+F2, set the IP and default gateway for the network adapter, and use the FDISK/E2FSCK The partition uses the format local hard disk, uses the FTP to obtain the server's all directories remotely except the proc directory, then can duplicate one and the remote same server.
4. direct SSH as root.
The default setting for OpenSSH sshd_config is to allow login as root permitrootlogin Yes, you can change to no to prevent this feature from enhancing security. In order to login directly without password as root, it is best to use the RSA key to the authentication mode.