Telnet configuration on SUSE

1. Check whether TELNET is already enabled
linux:~ # chkconfig --list |grep telnet
telnet: off
2. View the TELNET startup configuration file
linux:/etc/xinetd.d # more telnet
# default: off
# description: Telnet is the old login server which is INSECURE and should /
# therefore not be used. Use secure shell (openssh).
# If you need telnetd not to "keep-alives" (e.g. if it runs over a ISDN /
# uplink), add "-n". See 'man telnetd' for more details.
service telnet
{
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/in.telnetd
disable = yes
}
At this point it is still not possible to log in via TELNET.
3. Enable it as follows
linux:/etc/xinetd.d # chkconfig telnet on
linux:/etc/xinetd.d # chkconfig --list |grep telnet
telnet: on
linux:/etc/xinetd.d # ls
4. Look at the configuration file again: the disable line is no longer there
linux:/etc/xinetd.d # more telnet
# default: off
# description: Telnet is the old login server which is INSECURE and should /
# therefore not be used. Use secure shell (openssh).
# If you need telnetd not to "keep-alives" (e.g. if it runs over a ISDN /
# uplink), add "-n". See 'man telnetd' for more details.
service telnet
{
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/in.telnetd
}
But it is still not possible to log in via TELNET at this point.
5. xinetd has to be restarted: TELNET runs under the xinetd super-server and must be started through it
linux:/etc/init.d # ./xinetd stop
Shutting down xinetd: done
linux:/etc/init.d # ./xinetd start
Starting INET services. (xinetd) done
linux:/etc/init.d #
Now other, ordinary users can log in via TELNET, but root cannot, as shown below
Welcome to SUSE LINUX Enterprise Server 9 (i586) - Kernel 2.6.5-7.97-smp (1).
linux login: root
Password:
Login incorrect

linux login: root
Password:
Login incorrect

linux login: oracle
Password:
Last login: Thu Jun 18 13:28:28 from 118.29.25.113
oracle@linux:~>

5. Do the following so that root can log in; this is not recommended, for security reasons
linux:/etc # mv securetty securetty.bak    # this step is required
linux:/etc #
linux:/etc # more ftpusers
pop
postfix
postgres
#root ----comment out root by putting a # in front of it
sapdb
skyrix
squid
uucp
virtuoso
After saving and exiting, root can log in, as shown below
Welcome to SUSE LINUX Enterprise Server 9 (i586) - Kernel 2.6.5-7.97-smp (1).
linux login: root
Password:
2 failures since last login. Last was 14:25:24 on 1.
You have new mail in /var/mail/root.
Last login: Fri Jun 19 14:11:14 from 118.29.25.112
linux:~ #
6. Allow login from one IP only, e.g. 223.78.75.188
linux:/etc/xinetd.d # vi telnet

# default: off
# description: Telnet is the old login server which is INSECURE and should /
# therefore not be used. Use secure shell (openssh).
# If you need telnetd not to "keep-alives" (e.g. if it runs over a ISDN /
# uplink), add "-n". See 'man telnetd' for more details.
service telnet
{
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/in.telnetd
# parameter added for this test
only_from = 223.78.75.188
}
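After saving and exiting, restart the xinetd service (shown earlier, not repeated here).
After that, my computer 118.29.25.112 can no longer telnet in.

7. Allow only my computer 118.29.25.112 to log in during a given time window, e.g. 15:30-16:00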
linux:/etc/xinetd.d # vi telnet

# default: off
# description: Telnet is the old login server which is INSECURE and should /
# therefore not be used. Use secure shell (openssh).
# If you need telnetd not to "keep-alives" (e.g. if it runs over a ISDN /
# uplink), add "-n". See 'man telnetd' for more details.
service telnet
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        # parameters added for this test
        only_from       = 118.29.25.112
        access_times    = 15:30-16:00
 
}
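After saving and exiting, restart the xinetd service (shown earlier, not repeated here).
Now TELNET is refused again, because the time at which I tested does not fall inside the window.
If the window is changed to the correct 14:00-15:00, login works, as shown below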
linux:/etc/xinetd.d # vi telnet
 
# default: off
# description: Telnet is the old login server which is INSECURE and should /
#       therefore not be used. Use secure shell (openssh).
#       If you need telnetd not to "keep-alives" (e.g. if it runs over a ISDN /
#       uplink), add "-n".  See 'man telnetd' for more details.
service telnet
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        # parameters added for this test
        only_from       = 118.29.25.112
        access_times    = 14:00-15:00
 
}
Try logging in
Welcome to SUSE LINUX Enterprise Server 9 (i586) - Kernel 2.6.5-7.97-smp (1).

linux login: oracle
Password:
Last login: Fri Jun 19 14:38:29 from 118.29.25.112
oracle@linux:~>
8. Allow each client at most 3 simultaneous TELNET connections to the server
linux:/etc/xinetd.d # vi telnet
 
# default: off
# description: Telnet is the old login server which is INSECURE and should /
#       therefore not be used. Use secure shell (openssh).
#       If you need telnetd not to "keep-alives" (e.g. if it runs over a ISDN /
#       uplink), add "-n".  See 'man telnetd' for more details.
service telnet
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        only_from       = 118.29.25.112
        access_times    = 14:00-15:00
        # parameter added for this test
        per_source      = 3
 
}
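After saving and exiting, restart the xinetd service (shown earlier, not repeated here).
Now, when connecting, the 4th connection cannot be established.
9. Block my computer 118.29.25.112 from logging in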
linux:/etc/xinetd.d # vi telnet
 
# default: off
# description: Telnet is the old login server which is INSECURE and should /
#       therefore not be used. Use secure shell (openssh).
#       If you need telnetd not to "keep-alives" (e.g. if it runs over a ISDN /
#       uplink), add "-n".  See 'man telnetd' for more details.
service telnet
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        only_from       =  223.78.75.188
        # parameter added for this test
        no_access       = 118.29.25.112
        access_times    = 14:00-15:00
        per_source      = 3               
 
}
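After saving and exiting, restart the xinetd service (shown earlier, not repeated here).
Now a connection attempt from my computer does not succeed.

10. Disable the TELNET service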
linux:~ # chkconfig telnet off
linux:~ # chkconfig --list |grep telnet
        telnet:             off
linux:~ #
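For reference:
Change the value of instances to set how many telnet terminals can be connected at the same time
instances       = 10

To configure a list of clients that are not allowed to log in, add
# deny login from 192.168.0.2, 192.168.0.3 and 192.168.0.4
no_access    = 192.168.0.{2,3,4}

To set the hours during which the service is open, add
# the service is open only during these two windows each day (our working hours :P)
access_times =  9:00-12:00 13:00-17:00

If you have two IP addresses, a private one such as 192.168.0.2 and a public one such as 218.75.74.83, and you want users to be able to log in to the telnet service only from the private network, add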
bind = 192.168.0.2
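
An added example, not part of the original post: a shell audit that lists every service under /etc/xinetd.d as disabled, enabled with an only_from restriction, or enabled with none, and checks that /etc/securetty is still in place. The function names (audit_xinetd_dir, root_tty_limited) are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example. Prints one line per xinetd service: NAME STATE ONLY_FROM
#   DISABLED   = "disable = yes" is present
#   RESTRICTED = enabled, only_from is set
#   OPEN       = enabled, no only_from (any source address may connect)
# Assumes whitespace around "=", as in the files shown on this page.
audit_xinetd_dir() {
    dir=${1:-/etc/xinetd.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk '
            /^[ \t]*#/ { next }    # skip whole-line comments
            $1 == "service" { name = $2; disabled = 0; from = ""; next }
            $1 == "disable" && $2 == "=" { disabled = ($3 == "yes"); next }
            $1 == "only_from" && ($2 == "=" || $2 == "+=") {
                for (i = 3; i <= NF; i++) from = from (from != "" ? "," : "") $i
                next
            }
            $1 == "}" && name != "" {
                state = disabled ? "DISABLED" : (from != "" ? "RESTRICTED" : "OPEN")
                print name, state, (from != "" ? from : "-")
                name = ""
            }
        ' "$f"
    done
}

# Succeeds while <etc>/securetty exists; the page renames that file to let
# root log in over telnet, so a missing file is worth flagging.
root_tty_limited() {
    [ -f "${1:-/etc}/securetty" ]
}

# Constructed sample files (not taken from a real host) so this runs offline.
sample=$(mktemp -d)
printf 'service telnet\n{\n\tuser = root\n\tserver = /usr/sbin/in.telnetd\n}\n' > "$sample/telnet"
printf 'service ftp\n{\n\tdisable = yes\n}\n' > "$sample/ftp"
printf 'service rsync\n{\n\tonly_from = 192.168.0.2 192.168.0.3\n}\n' > "$sample/rsync"
audit_xinetd_dir "$sample"
root_tty_limited "$sample" || echo "securetty missing under $sample"
```

On a real host, call audit_xinetd_dir and root_tty_limited with no arguments to read /etc/xinetd.d and /etc/securetty.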

 

http://5158.blog.ccidnet.com/blog-htm-itemid-6307563-do-showone-type-blog-uid-41796.html
