telnet service

First, an introduction to the telnet service

  • telnet is a remote management service that uses TCP port 23
  • telnet is a dependent (non-standalone) service, managed by xinetd
  • Account names and passwords are transmitted in clear text, which is unsafe; tired does not apply to Unix systems
  • Linux systems do not use telnet by default; they use ssh

Second, building a telnet service

  • Requirement 1: Build a telnet service so that a client can use telnet or a dedicated tool to access and manage the server

  • Environment: server: 10.1.1.2, builds the telnet service

    client: 10.1.1.3, tests the service by logging in to the server remotely with telnet

  • Approach:

    • Install the packages (search by the keyword telnet: telnet-server, xinetd)
    • Modify the configuration file to build the service as required
    • Start the service and enable it at boot (start xinetd)
    • Test and verify
  • Steps:

    1. Turn off the firewall and selinux
    [root@server ~]# service iptables stop
    iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
    iptables: Flushing firewall rules:                         [  OK  ]
    iptables: Unloading modules:                               [  OK  ]
    [root@server ~]# chkconfig iptables off
    [root@server ~]# chkconfig --list | grep iptables
    iptables          0:off   1:off   2:off   3:off   4:off   5:off   6:off
    [root@server ~]# getenforce
    Enforcing
    [root@server ~]# setenforce 
    usage:  setenforce [ Enforcing | Permissive | 1 | 0 ]
    [root@server ~]# setenforce 0     # turn off temporarily
    [root@server ~]# getenforce       # check
    Permissive
    [root@server ~]# vim /etc/sysconfig/selinux 
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    # SELINUX=enforcing
    SELINUX=disabled  # turned off permanently; takes effect after a reboot
    
    2. Configure the local yum source (the usual routine)

    3. The software trilogy

      • Find and install the required packages

        [root@server ~]# yum list | grep telnet
        telnet.x86_64                         1:0.17-47.el6_3.1           server
        telnet-server.x86_64                  1:0.17-47.el6_3.1           server
        [root@server ~]# yum list | grep xinetd
        xinetd.x86_64                         2:2.3.14-39.el6_4           server
        [root@server ~]# yum -y install telnet-server xinetd
      • Confirm that the packages were installed successfully

        [root@server ~]# rpm -q xinetd  telnet-server
        xinetd-2.3.14-39.el6_4.x86_64
        telnet-server-0.17-47.el6_3.1.x86_64
      • List the files installed by each package

        [root@server ~]# rpm -ql xinetd
        /etc/rc.d/init.d/xinetd
        /etc/xinetd.conf     //main configuration file
        /usr/sbin/xinetd     //binary
        /etc/xinetd.d/           //directory of per-service configuration files (where the lightweight services live)
        
        
        [root@server ~]# rpm -ql telnet-server
        /etc/xinetd.d/telnet     //configuration file of the telnet service
        /usr/sbin/in.telnetd     //the program itself
        /usr/share/man/man5/issue.net.5.gz   //man pages
        /usr/share/man/man8/in.telnetd.8.gz
        /usr/share/man/man8/telnetd.8.gz
        
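      1. Understand the relevant configuration files

        RHEL6/CentOS6:
        Main configuration file
        cat /etc/xinetd.conf | grep -v ^# |grep -v ^$
        defaults
        {
        
            log_type    = SYSLOG daemon info  --log type: service events are recorded through syslog
            log_on_failure  = HOST      --failure log: record the client's IP address when a connection fails
            log_on_success  = PID HOST DURATION EXIT  --success log: record the process ID, the client's IP address, the session duration and the exit status
            cps     = 50 10 --at most 50 connections per second; if the limit is exceeded, wait 10 seconds; mainly used to counter denial-of-service attacks
            instances   = 50    --maximum number of connections
            per_source  = 10    --maximum number of connections per IP address
            v6only      = no    --do not restrict the service to IPv6 only
            groups      = yes   --run the service process with the groups of its user, /etc/group
            umask       = 002   --file-creation mask: 666 becomes 664, 777 becomes 775
        
        }
        
        Per-service configuration file
        [root@server ~]# cat /etc/xinetd.d/telnet 
        # default: on
        # description: The telnet server serves telnet sessions; it uses \
        #   unencrypted username/password pairs for authentication.
        service telnet
        {
            flags       = REUSE     //flag
            socket_type = stream    //TCP
            wait        = no        //do not wait: the service runs multi-threaded and accepts concurrent connections; yes means single-threaded
            user        = root      //start the process as root
            server      = /usr/sbin/in.telnetd      //binary
            log_on_failure  += USERID   //on failure, also record the user ID in the log
            disable     = yes       //the service is on by default; = yes turns it off
        }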
        
      2. Modify the configuration file to build the service as required

        [root@server ~]# vim /etc/xinetd.d/telnet 
        service telnet
        {
                flags           = REUSE
                socket_type     = stream
                wait            = no
                user            = root
                server          = /usr/sbin/in.telnetd
                log_on_failure  += USERID
                disable         = no
        }
        
      3. Start the service and enable it at boot

        [root@server ~]# /etc/init.d/xinetd start
        Starting xinetd:                                           [  OK  ]
        [root@server ~]# netstat -nltp|grep xinetd
        tcp        0      0 :::23                       :::*                        LISTEN      2550/xinetd 
        Port 23 (the port of each service is listed in /etc/services)
        
        [root@server ~]# chkconfig xinetd on        # start at boot
        [root@server ~]# chkconfig --list|grep xinetd
        xinetd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
        xinetd based services:
      4. Test and verify

        Install the telnet client tool on the client

        [root@client ~]# yum list | grep telnet
        [root@client ~]# rpm -q telnet
        telnet-0.17-47.el6_3.1.x86_64
        [root@client ~]# rpm -ql telnet
        /usr/bin/telnet
        /usr/share/man/man1/telnet.1.gz
        
        [root@client ~]# telnet 10.1.1.2
        Trying 10.1.1.2...
        Connected to 10.1.1.2.
        Escape character is '^]'.
        CentOS release 6.5 (Final)
        Kernel 2.6.32-431.el6.x86_64 on an x86_64
        login: root
        Password: 
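        Login incorrect     //telnet itself refuses remote login as root, because it is unsafe
        
        To log in as root,
        you first have to delete /etc/securetty on the server, or move it away, or rename it; renaming is recommended
        [root@server ~]# mv /etc/securetty /etc/securetty.bak
        
        Now try again from the client: it succeeds. This is not recommended, though; it is better to log in as an ordinary user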
        
        [root@client ~]# telnet 10.1.1.2
        Trying 10.1.1.2...
        Connected to 10.1.1.2.
        Escape character is '^]'.
        CentOS release 6.5 (Final)
        Kernel 2.6.32-431.el6.x86_64 on an x86_64
        login: root
        Password: 
        Last login: Fri Apr 19 20:58:23 from 10.1.1.1
        [root@server ~]# 
        Roll back the changes above once you have finished testing
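
The rollback can be checked mechanically. The script below is an added example, not part of the original post: it inspects three on-disk changes made in this walkthrough (telnet enabled under /etc/xinetd.d, /etc/securetty moved away, SELINUX no longer set to enforcing). The function names and the constructed sample files are assumptions made for illustration.

```bash
#!/bin/bash
# Added example (not from the original post): audit the lab changes made above.
# All paths are parameters so the checks can run on constructed sample files.

# Print each xinetd service under DIR that is not disabled.
# A service block with no "disable" line counts as enabled.
xinetd_enabled() {
    local dir="$1" f
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk '
            /^[ \t]*#/              { next }
            $1 == "service"         { name = $2; dis = "no"; next }
            /^[ \t]*disable[ \t]*=/ { split($0, kv, "="); gsub(/[ \t\r]/, "", kv[2]); dis = kv[2] }
            $1 == "}" && name != "" { if (dis != "yes") print name; name = "" }
        ' "$f"
    done
}

# Report what still has to be rolled back; returns 1 if anything is found.
audit_telnet_lab() {
    local xinetd_dir="${1:-/etc/xinetd.d}" securetty="${2:-/etc/securetty}"
    local selinux_cfg="${3:-/etc/sysconfig/selinux}" mode rc=0
    if xinetd_enabled "$xinetd_dir" | grep -qx telnet; then
        echo "FINDING: telnet enabled in $xinetd_dir/telnet; set disable = yes"
        rc=1
    fi
    if [ ! -e "$securetty" ]; then
        echo "FINDING: $securetty missing; restore it from $securetty.bak"
        rc=1
    fi
    mode=$(sed -n 's/^SELINUX=//p' "$selinux_cfg" 2>/dev/null)
    if [ "$mode" != enforcing ]; then
        echo "FINDING: SELINUX=${mode:-unset} in $selinux_cfg; expected enforcing"
        rc=1
    fi
    return $rc
}

# Constructed sample files mirroring the state the walkthrough leaves behind.
lab=$(mktemp -d)
mkdir "$lab/xinetd.d"
printf 'service telnet\n{\n\tuser\t= root\n\tdisable\t= no\n}\n' > "$lab/xinetd.d/telnet"
printf 'SELINUX=disabled\n' > "$lab/selinux"
audit_telnet_lab "$lab/xinetd.d" "$lab/securetty" "$lab/selinux" || true
rm -rf "$lab"
```

On the server, calling `audit_telnet_lab` with no arguments checks the real paths used in this article.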

Origin www.cnblogs.com/liuwei-xd/p/11021936.html