1 Introduction
The Telnet protocol is a member of the TCP/IP protocol suite, and is the standard protocol and main method of the Internet remote login service. It provides users with the ability to complete remote host work on the local computer. Use the telnet program on the end user's computer to connect to the server . End users can enter telnet program commands that will be in the server is running on, just the same as the input directly on the server console. The server can be controlled locally . To start a telnet session, you must enter a user name and password to log in to the server . Telnet is a commonly used method to remotely control a Web server .
2. Installation
By default, if the telnet service is not installed under the centOS minimal installation, you need to install it yourself (****root privileges****):
error:
[root@localhost log]# telnet 192.168.10.56 27017
-bash: telnet: command not found
1: View system version information (centos7):
[root@localhost log]# cat /etc/issue
\S
Kernel \r on an \m
2: Check whether telnet is installed:
[root@localhost log]# rpm -qa | grep telnet
[root@localhost log]#
3: To install, client and server:
[root@localhost xinetd.d]# yum -y install telnet
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
……………………
Verifying : 1:telnet-0.17-59.el7.x86_64 1/1
Installed:
telnet.x86_64 1:0.17-59.el7
Complete!
[root@localhost xinetd.d]# yum -y install telnet-server
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
……………………
Verifying : 1:telnet-server-0.17-59.el7.x86_64 1/1
Installed:
telnet-server.x86_64 1:0.17-59.el7
Complete!
Note: If you install the telnet-server service and start it depends on the xinetd service. The xinetd super service is to manage and protect each service, and it is not installed, you need to follow it first.
xinetd: eXtended InterNET services daemon, super Internet server, commonly used to manage a variety of lightweight Internet services.
*4: Check whether xinetd is installed (if installed, don’t install):*
[root@localhost ~]# rpm -qa | grep xinetd
[root@localhost ~]#
*5: Install xinetd service: *
[root@localhost init.d]# yum -y install xinetd
Loaded plugins: fastestmirror
base | 3.6 kB 00:00:00
……………………
Verifying : 2:xinetd-2.3.15-12.el7.x86_64 1/1
Installed:
xinetd.x86_64 2:2.3.15-12.el7
Complete!
xinetd installation is complete! ****
6: After the telnet service, the default is not to turn on the service, modify the file /etc/xinetd.d/telnet to turn on the service: ****
Note: modify if there is any, modify it for the first time, if this file is not Exist, you can create and modify your own vim:
modify disable = yes to disable = no
[root@localhost xinetd.d]# pwd
/etc/xinetd.d
[root@localhost xinetd.d]# ls
chargen-dgram chargen-stream daytime-dgram daytime-stream discard-dgram discard-stream echo-dgram echo-stream tcpmux-server time-dgram time-stream
[root@localhost xinetd.d]# vim telnet
[root@localhost xinetd.d]# cat telnet
The modified telnet file is:
# default: yes
# description: The telnet server servestelnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server =/usr/sbin/in.telnetd
log_on_failure += USERID
disable = no
}
*7: Check after installation:*
[root@CentOS-Slave1 xinetd.d]# rpm -qa | grep telnet
telnet-0.17-59.el7.x86_64
telnet-server-0.17-59.el7.x86_64
[root@CentOS-Slave1 xinetd.d]# rpm -qa | grep xinetd
xinetd-2.3.15-12.el7.x86_64
*8: Start telnet and dependent xinetd services:*
Before centos7:
$ service xinetd restart
或$ /etc/rc.d/init.d/xinetd restart
In centos7 (service startup item without xinetd):
[root@CentOS-Slave1 xinetd.d]# service xinetd restart
Redirecting to /bin/systemctl restart xinetd.service
[root@CentOS-Slave1 xinetd.d]# systemctl restart xinetd.service
or
[root@CentOS-Slave1 xinetd.d]# /bin/systemctl restart xinetd.service
*9: View start:*
[root@CentOS-Slave1 xinetd.d]# ps -ef | grep xinetd
root 6641 1 0 23:22 ? 00:00:00 /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
root 6644 5817 0 23:24 pts/3 00:00:00 grep --color=auto xinetd
10: Test telent, enter ip+user name+password to log in, please refer to the appendix for the log in question:
[root@CentOS-Slave1 pam.d]# telnet 192.168.10.56
Trying 192.168.10.56...
Connected to 192.168.10.56.
Escape character is '^]'.
Kernel 3.10.0-229.el7.x86_64 on an x86_64
CentOS-Slave1 login: root
Password:
Last failed login: Sat Oct 17 23:25:50 CST 2015 from CentOS-Slave1 on pts/0
There were 3 failed login attempts since the last successful login.
Last login: Sat Oct 17 22:22:27 from CentOS-Slave1
[root@CentOS-Slave1 ~]# exit
logout
Connection closed by foreign host.
*11: Set the service to start on boot:*
[root@CentOS-Slave1 rc3.d]# chkconfig --level 35 xinetd on
Note: Forwarding request to 'systemctl enable xinetd.service'.
[root@CentOS-Slave1 rc3.d]# systemctl enable xinetd.service
*12: View:*
[root@CentOS-Slave1 rc3.d]# chkconfig --list
Note: This output shows SysV services only and does not include native
systemd services. SysV configuration data might be overridden by native
systemd configuration.
If you want to list systemd services use 'systemctl list-unit-files'.
To see services enabled on particular target use
'systemctl list-dependencies [target]'.
mysql 0:off 1:off 2:on 3:on 4:on 5:on 6:off
netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
xinetd based services:
chargen-dgram: off
chargen-stream: off
daytime-dgram: off
daytime-stream: off
discard-dgram: off
discard-stream: off
echo-dgram: off
echo-stream: off
tcpmux-server: off
telnet: on
time-dgram: off
time-stream: off
Remarks attachment:
*Question 1:*
Root login under telnet, the password is correct, always prompt: Login incorrect
****Solution 1****: Comment the first line of /etc/pam.d/remote,
namely: auth required pam_securetty.so
[root@CentOS-Slave1 pam.d]# pwd
/etc/pam.d
[root@CentOS-Slave1 pam.d]# cat remote
#%PAM-1.0
#telent 远程root登陆允许
#auth required pam_securetty.so
auth substack password-auth
auth include postlogin
………………
Question 2 : When other machines remotely Telnet, the login is unsuccessful. It may be a firewall problem. Modify the firewall settings:
Note: netstat -tunlp check whether port 23 is blocked by the firewall:
[root@CentOS-Slave1 pam.d]# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:27017 0.0.0.0:* LISTEN 5891/./mongod
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 848/sshd
tcp6 0 0 :::3306 :::* LISTEN 1997/mysqld
tcp6 0 0 :::22 :::* LISTEN 848/sshd
tcp6 0 0 :::23 :::* LISTEN 1/systemd
Then use iptables to modify the settings, use service iptables save to save the settings, and then service iptables restart to restart the firewall:
iptables -I INPUT -p tcp --dport 23 -jACCEPT
iptables -I INPUT -p udp --dport 23 -jACCEPT
service iptables save //保存
service iptables restart //重启防火墙
*Question new:*
[root@CentOS-Slave1 rc3.d]# chkconfig --level 35 xinetd on
Note: Forwarding request to ‘systemctl enable xinetd.service’.
[root@CentOS-Slave1 xinetd.d]# service xinetd restart
Redirecting to /bin/systemctl restart xinetd.service
*Solve new:*
*The instructions are available, but the new version of the system, the instructions are (Redirecting/Forwarding) to:
service xinetd restart —> systemctl restart xinetd.service*
* chkconfig --level 35 xinetd on —> systemctl enable sshd.service #corresponding Disable*
*$. Remember: Use this command to control the service in the future. *
Question 3 : After logging in to the host via telnet, it will prompt Escape character is'^]':
Clicking the prompt means that pressing Ctrl +] will call out the telnet command line, and you can execute the telnet command:
*telnet command:*
#close关闭当前连接
#logout强制退出远程用户并关闭连接
#display显示当前操作的参数
#mode试图进入命令行方式或字符方式
#open连接到某一站点
#quit退出
#telnetsend发送特殊字符
#set设置当前操作的参数
#unset复位当前操作参数
#status打印状态信息
#toggle对操作参数进行开关转换
#slc改变特殊字符的状态
#auth打开/关闭确认功能z挂起
#telnetenviron更改环境变量,显示帮助信息
*iptables parameters:*
iptables [-AI 链名] [-io 网络接口] [-p 协议] \
> [-s 来源IP/网域] [-d 目标IP/网域] -j [ACCEPT|DROP|REJECT|LOG]
选项与参数:
-AI 链名:针对某的链进行规则的 "插入" 或 "累加"
-A :新增加一条规则,该规则增加在原本规则的最后面。例如原本已经有四条规则,
使用 -A 就可以加上第五条规则!
-I :插入一条规则。如果没有指定此规则的顺序,默认是插入变成第一条规则。
例如原本有四条规则,使用 -I 则该规则变成第一条,而原本四条变成 2~5 号
链 :有 INPUT, OUTPUT, FORWARD 等,此链名称又与 -io 有关,请看底下。
-io 网络接口:设定封包进出的接口规范
-i :封包所进入的那个网络接口,例如 eth0, lo 等接口。需与 INPUT 链配合;
-o :封包所传出的那个网络接口,需与 OUTPUT 链配合;
-p 协定:设定此规则适用于哪种封包格式,主要的封包格式有: tcp, udp, icmp 及 all 。
-s 来源 IP/网域:设定此规则之封包的来源项目,可指定单纯的 IP 或包括网域,例如:IP :192.168.0.100
网域:192.168.0.0/24, 192.168.0.0/255.255.255.0 均可。
若规范为『不许』时,则加上 ! 即可,例如:-s ! 192.168.100.0/24 表示不许 192.168.100.0/24 之封包来源;
-d 目标 IP/网域:同 -s ,只不过这里指的是目标的 IP 或网域。
-j :后面接动作,主要的动作有接受(ACCEPT)、丢弃(DROP)、拒绝(REJECT)及记录(LOG)
linux run level
chkconfig命令提供了一种简单的方式来设置一个服务的运行级别,on和off分别指服务被启动和停止。
运行级别就是操作系统当前正在运行的功能级别。级别是从0到6。
级别3和5上设定服务为“on”
chkconfig --level 35 mysql on
其他级别上设为off
chkconfig --level 01246 mysql off
列出服务将会运行的运行级别
#chkconfig --list mysql
mysql 0:off 1:off 2:off 3:on 4:off 5:on 6:off
Linux下的7个运行级别:
0:系统停机状态,系统默认运行级别不能设置为0,否则不能正常启动,机器关闭。
1:单用户工作状态,root权限,用于系统维护,禁止远程登陆,就像Windows下的安全模式 登录。
2:多用户状态,没有NFS支持。
3:完整的多用户模式,有NFS,登陆后进入控制台命令行模式。
4:系统未使用,保留一般不用,在一些特殊情况下可以用它来做一些事情。eg:在笔记本电脑的电池用尽时,可以切换到这个模式来做一些设置。
5:X11控制台,登陆后进入图形GUI模式,XWindow系统。
6:系统正常关闭并重启,默认运行级别不能设为6,否则不能正常启动。运行init6机器就会重启。
标准的Linux运行级别为3或5运行级别原理:
1.在目录/etc/rc.d/init.d下有许多服务器脚本程序,一般称为服务(service)
2.在/etc/rc.d下有7个名为rcN.d的目录(N:0,1,2……),对应系统的7个运行级别
3.rcN.d目录下都是一些符号链接文件,这些链接文件都指向init.d目录下的service脚 本文件,命名规则为K+nn+服务名或S+nn+服务名,其中nn为两位数字。
4.系统会根据指定的运行级别进入对应的rcN.d目录,并按照文件名顺序检索目录下的链接文件:对于以K(Kill)开头的文件,系统将终止对应的服;对于以S(Start开头的文件,系统将启动对应的服务
5.查看运行级别用:runlevel
[root@CentOS-Slave1 pam.d]# runlevel
N 3
[root@CentOS-Slave1 etc]# cd rc.d/
[root@CentOS-Slave1 rc.d]# ls
init.d rc0.d rc1.d rc2.d rc3.d rc4.d rc5.d rc6.d rc.local
[root@CentOS-Slave1 rc.d]# cd rc3.d/
[root@CentOS-Slave1 rc3.d]# ls
K50netconsole S10network S64mysql
[root@CentOS-Slave1 rc3.d]# pwd
/etc/rc.d/rc3.d