Configuring and using telnet on Red Hat Linux AS5


This has to be one of the more common support calls that I get. The telnet daemon is no longer usually installed by default, so people are surprised when their newly installed Linux system won't answer telnets.

By the way, I am always careful to explain why telnet isn't there anymore; that they probably should be thinking about ssh. But sometimes there are perfectly reasonable reasons: it's only going to be used for a few internal users, there's no path from the outside world, or their firewall is going to tightly control access. I'd still rather see them use ssh, but if they understand its weaknesses and still want to go ahead, so be it.

The first task is to install telnetd. That's the Telnet Daemon that will respond to connection requests from telnet clients. The "telnet" client is installed by default; the telnetd daemon is not.

If you have a system that is connected to the internet and that has a package manager like up2date, yum or apt-get, you can use that to load this. For example, on a RedHat system, you might do "up2date telnetd" and that would go fetch the appropriate rpm, download it and install it. You still need to get it running (see below) but it's now installed.

If you don't have that ability, you need to find the software on your CDs. I'll lead you through an example from a RedHat 9 install.

We have to start by putting one of the CDs into the machine. I happen to know that what we want is on CD 3 for RedHat 9, but we're going to pretend that I have forgotten that, so I'll first insert CD 2.

Your system may mount the CD automatically. Give it a second, and type "mount". If you see /dev/cdrom in one of the output lines, you can proceed to the next step. If not, you need to mount it manually. For RedHat 9, "mount -r /dev/cdrom /mnt" will work.

Now you need to find the rpm that has telnetd. This command will search the appropriate place:

ls /mnt/RedHat/RPMS | grep telnet

If you don't have RedHat 9, you are going to have to search around for the proper directory yourself. You can "cd /mnt" and do "ls" and continue until you find what you want. Remember, you are only looking for rpms if you are using an rpm-based system. You need to know what your OS uses.

If you can't find anything that looks like telnet (and you won't on CD 2 of RedHat 9), you have to move on to the next CD. If you have cd'd into the mounted directory, you have to cd off that before you can unmount and eject the cd. If not, you'll get "device is busy" and won't be able to remove the cd. In our sample case, we'll do:

cd /
umount /dev/cdrom

I could have also done:

cd / 
eject cdrom

Now mount the next CD and repeat your search. On RedHat 9, the grep will turn up something like "telnet-server-0.17-20.i386.rpm". I don't remember the exact numbers from the cd - the important thing is that it's "telnet-server". However, on other systems, it may not be so obvious. For example, from a RedHat ES system:

# rpm  -q --whatprovides `which telnetd`
krb5-workstation-1.2.7-44

http://www.rpmfind.net/ can sometimes help you find what you need. Once found, it needs to be installed. For the RedHat 9:

rpm -iv /mnt/RedHat/RPMS/telnet-server*

Now telnetd is installed (and "which telnetd" will show you where if you are using Bash). It's not running yet, though. For RedHat 9, do:

chkconfig telnet on

Confirm that telnet now works by "telnet localhost" or "telnet 127.0.0.1".

However, if you installed the RedHat firewall, telnet won't be accepting outside connections, not even from your LAN. For RedHat, you can correct that by running "setup", choosing "Firewall Configuration", selecting "Customize", and enabling "Allow Incoming Telnet".

Other systems have other methods for enabling telnet. Most likely, they use Xinetd. For example, it might look like one of these examples from two different systems:

root# cat /etc/xinetd.d/telnet
service telnet
{
        disable         = yes
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/libexec/telnetd
        groups          = yes
        flags           = REUSE
}

# cat /etc/xinetd.d/krb5-telnet
# default: off
# description: The kerberized telnet server accepts normal telnet sessions, /
#              but can also use Kerberos 5 authentication.
service telnet
{
        disable = no
        flags           = REUSE
        socket_type     = stream        
        wait            = no
        user            = root
        server          = /usr/kerberos/sbin/telnetd
        server_args     = -n
        log_on_failure  += USERID
}

That's it. The details will vary, but the basic outline is find it, install it, and get it running. You really do need to think about security, and not just because it's telnet: telnet does raise more flags than other protocols and may even invite more break-in attempts if it's on the internet. The fact that something responds on port 23 may be seen as a weakness and attract more attention than otherwise. There are numerous articles here about general security and ssh; I really suggest you at least brush through them.

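I. Install the telnet packages (usually two are needed)
1. telnet-client (or telnet): this package provides the telnet client program;
2. telnet-server: this package provides the telnet server program.

Before installing, check whether these packages are already installed:
[root@root]# rpm -qa telnet
or
[root@root]# rpm -qa telnet-client
[root@root]# rpm -qa telnet-server

If the packages are not found, they need to be installed. Red Hat installs the telnet package by default, so usually only the telnet-server package has to be installed.
1. Get the telnet-server-0.17-25.i386.rpm package from the Red Hat Linux 9 installation disc.
2. Install the package:
[root@root]# rpm -ivh /mnt/dvdrom/Server/telnet-server-0.17-38.el5.i386.rpm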

------------ A problem you may run into:
xinetd is not installed yet.
Look for it on the disc:
[root@localhost ~]# find /mnt/dvdrom/Server/xinetd*
/mnt/dvdrom/Server/xinetd-2.3.14-10.el5.i386.rpm

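II. Start the telnet service
1. Enable the service
Method 1: run ntsysv; in the window that appears, mark telnet with a * and press OK.
Method 2: edit /etc/xinetd.d/telnet
[root@root]# vi /etc/xinetd.d/telnet
Find disable = yes and change yes to no.

2. Activate the service
[root@root]# service xinetd restart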

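III. Test the service
[root@wljs root]# telnet ip (or hostname)
If the configuration is correct, the system prompts for the user name and password of the remote machine:
Login:
Password:
Note: by default only ordinary (non-root) users are allowed to log in.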

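IV. Set the telnet port
# vi /etc/services
Once in the editor, search for telnet (type /telnet in vi).
You will find the following entries:
telnet 23/tcp
telnet 23/udp
Change 23 to an unused port number (for example, 2000), exit vi, and restart the telnet service; the default telnet port is then changed.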

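V. Restricting the telnet service
telnet sends passwords and data in cleartext. If you are not satisfied with its default settings, you need to restrict who the service is offered to. Assuming your host's IP is 210.45.160.17, you can configure it as follows:

# vi /etc/xinetd.d/telnet
service telnet
{
# enable the telnet service
disable = no
# your IP
bind = 210.45.160.17
# allow only the 210.45.0.0 ~ 210.45.255.255 network range
only_from = 210.45.0.0/16
# also allow hosts in the education network (.edu.cn)
only_from += .edu.cn
# these two IPs may not log in
no_access = 210.45.160.{115,116}
# the service is open only during these two periods each day
access_times = 8:00-12:00 20:00-23:59
......
}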

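VI. Root login over telnet
telnet is not very secure, and by default root is not allowed to log in to a Linux host over telnet. To allow root to log in, the following method can be used:
[root@root]# vi /etc/pam.d/login
#auth required pam_securetty.so
(comment out this line)

[root@wljs root]# mv /etc/securetty /etc/securetty.bak
After this, root can log in to the Linux host directly. However, doing this is not recommended. You can instead log in as an ordinary user and then switch to the root user to obtain root privileges.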
