telnet service
A, telnet service introduction
- telnet remote management services, TCP protocol on port 23
- telnet service is dependent services, managed by xinetd
- Account number and password in clear text transmission through unsafe, tired does not apply to Unix systems
- Linux does not use the system default telnet, use ssh
Second, build a telnet service
Requirement 1: Building the telnet service, the client can use specialized tools to access telnet or telnet server management
Environment: server: 10.1.1.2 build telnet service
client: 10.1.1.3 Test using telnet service telnet remote login server
Ideas:
- Installation package (telnet keyword search, telnet-server, xinetd)
- According to the demand to complete construction service by modifying the configuration file
- Start the service, boot from the start (start xinetd)
- Testing and certification
step:
- Turn off the firewall and selinux
[root@server ~]# service iptables stop iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Flushing firewall rules: [ OK ] iptables: Unloading modules: [ OK ] [root@server ~]# chkconfig iptables off [root@server ~]# chkconfig --list | grep iptables iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off [root@server ~]# getenforce Enforcing [root@server ~]# setenforce usage: setenforce [ Enforcing | Permissive | 1 | 0 ] [root@server ~]# setenforce 0 //临时设置关闭 [root@server ~]# getenforce //查看 Permissive [root@server ~]# vim /etc/sysconfig/selinux # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. # SELINUX=enforcing SELINUX=disabled //永久关闭,重启生效
Configure the local yum source cliché
Trilogy Software
View and install the corresponding package
[root@server ~]# yum list | grep telnet telnet.x86_64 1:0.17-47.el6_3.1 server telnet-server.x86_64 1:0.17-47.el6_3.1 server [root@server ~]# yum list | grep xinetd xinetd.x86_64 2:2.3.14-39.el6_4 server [root@server ~]# yum -y install telnet-server xinetd
Confirm successful installation package
[root@server ~]# rpm -q xinetd telnet-server xinetd-2.3.14-39.el6_4.x86_64 telnet-server-0.17-47.el6_3.1.x86_64
View a list of files with the software
[root@server ~]# rpm -ql xinetd /etc/rc.d/init.d/xinetd /etc/xinetd.conf //主配置文件 /usr/sbin/xinetd //二进制命令 /etc/xinetd.d/ //子配置文件的主目录(轻量级服务所在) [root@server ~]# rpm -ql telnet-server /etc/xinetd.d/telnet //telnet服务的配置文件 /usr/sbin/in.telnetd //程序本身、命令 /usr/share/man/man5/issue.net.5.gz //man文档手册 /usr/share/man/man8/in.telnetd.8.gz /usr/share/man/man8/telnetd.8.gz
Understanding of the relevant configuration file
RHEL6/CentOS6: 主配置文件 cat /etc/xinetd.conf | grep -v ^# |grep -v ^$ defaults { log_type = SYSLOG daemon info --日志类型,表示使用syslog进行服务登记 log_on_failure = HOST --失败日志,失败后记录客户机的IP地址 log_on_success = PID HOST DURATION EXIT --成功日志,记录客户机的IP地址和进程ID cps = 50 10 --表示每秒50个连接,如果超过限制,则等待10秒,主要用于对付拒绝服务攻击 instances = 50 --最大连接数 per_source = 10 --每个IP地址最大连接数 v6only = no --不使用ipv6 groups = yes --确定该服务的进程组ID,/etc/group umask = 002 --文件生成码反掩码 666(664) 777(775) } 子配置文件 [root@server ~]# cat /etc/xinetd.d/telnet # default: on # description: The telnet server serves telnet sessions; it uses \ # unencrypted username/password pairs for authentication. service telnet { flags = REUSE //标记 socket_type = stream //tcp协议 wait = no //表示不需要等待,即服务将以多线程的方式运行,并发连接;yes表示单线程 user = root //以root身份启动该进程 server = /usr/sbin/in.telnetd //二进制命令 log_on_failure += USERID //表示设置失败时,UID添加到系统登记表 disable = yes //默认开启服务,=yes表示关闭 }
According to the demand to complete construction service by modifying the configuration file
[root@server ~]# vim /etc/xinetd.d/telnet service telnet { flags = REUSE socket_type = stream wait = no user = root server = /usr/sbin/in.telnetd log_on_failure += USERID disable = no }
Start the service, boot from the start
[root@server ~]# /etc/init.d/xinetd start Starting xinetd: [ OK ] [root@server ~]# netstat -nltp|grep xinetd tcp 0 0 :::23 :::* LISTEN 2550/xinetd 23号端口(/etc/servers文件里有各服务端口) [root@server ~]# chkconfig xinetd on //开机自启 [root@server ~]# chkconfig --list|grep xinetd xinetd 0:off 1:off 2:on 3:on 4:on 5:on 6:off xinetd based services:
Testing and certification
In the telnet client installation tool
[root@client ~]# yum list | grep telnet [root@client ~]# rpm -q telnet telnet-0.17-47.el6_3.1.x86_64 [root@client ~]# rpm -ql telnet /usr/bin/telnet /usr/share/man/man1/telnet.1.gz [root@client ~]# telnet 10.1.1.2 Trying 10.1.1.2... Connected to 10.1.1.2. Escape character is '^]'. CentOS release 6.5 (Final) Kernel 2.6.32-431.el6.x86_64 on an x86_64 login: root Password: Login incorrect //telnet本身拒绝以root用户远程登录,不安全 如果想以root登录 则需要先删除server端的/etc/securetty,或者移出,或者改名,建议改名 [root@server ~]# mv /etc/securetty /etc/securetty.bak 此时再去客户端尝试,成功。但是不建议这样做,最好用普通用户登录 [root@client ~]# telnet 10.1.1.2 Trying 10.1.1.2... Connected to 10.1.1.2. Escape character is '^]'. CentOS release 6.5 (Final) Kernel 2.6.32-431.el6.x86_64 on an x86_64 login: root Password: Last login: Fri Apr 19 20:58:23 from 10.1.1.1 [root@server ~]# 请在尝试后rollback以上操作