A summary of telnet problems

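The Telnet protocol is one of the simplest ways to log in to a remote network host, but its security is very low. For the target board, a telnet daemon must be running so that you can log in to the board remotely. Likewise, if you want to log in from the development board to another host over telnet, the board needs a telnet client.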

    The telnet tools available on embedded Linux systems are:

    ·telnet client

    The busybox telnet client. busybox itself is tailor-made for embedded systems; its telnet client is compact and fairly easy to use.

    ·telnet server

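    The main ones are telnetd and utelnetd. In terms of file size, the binary produced by the utelnetd package is smaller than telnetd, but utelnetd does not support the internet super-server. Let's look at busybox's telnet functionality first. The client is simple: select it and it is ready to use. telnetd takes somewhat more work.

    Porting telnetd is not hard, since busybox already includes one. But because of a configuration problem at the start, it took some time before it ran stably.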

(1) busybox configuration

    The telnetd part of the configuration:

Networking Utilities --->

  • telnetd
  •   Support standalone telnetd (not inetd only)

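        This configuration means that telnetd can be started by inetd or started standalone.

    (2) After compiling: telnetd is part of busybox, and I built busybox dynamically linked, so as long as the shared libraries busybox depends on are placed under /lib, telnetd will not fail to find its shared libraries. So after make; make install, telnetd is on the development board. But that alone is not enough for telnetd to run properly. See the help text of the telnetd configuration option: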

        A daemon for the TELNET protocol, allowing you to log onto the host running the daemon. Please keep in mind that the TELNET protocol sends passwords in plain text. If you can't afford the space for an SSH daemon and you trust your network, you may say 'y' here. As a more secure alternative, you should seriously consider installing the very small Dropbear SSH daemon instead:
       
    http://matt.ucc.asn.au/dropbear/dropbear.html

        Note that for busybox telnetd to work you need several things:
        First of all, your kernel needs:
        UNIX98_PTYS=y
        DEVPTS_FS=y
        Next, you need a /dev/pts directory on your root filesystem:
        $ ls -ld /dev/pts
        drwxr-xr-x 2 root root 0 Sep 23 13:21 /dev/pts/
        Next you need the pseudo terminal master multiplexer /dev/ptmx:
        $ ls -la /dev/ptmx
        crw-rw-rw- 1 root tty 5, 2 Sep 23 13:55 /dev/ptmx
        Any /dev/ttyp[0-9]* files you may have can be removed.
        Next, you need to mount the devpts filesystem on /dev/pts using:
        mount -t devpts devpts /dev/pts
        You need to be sure that Busybox has LOGIN and FEATURE_SUID enabled. And finally, you should make certain that Busybox has been installed setuid root:
        chown root.root /bin/busybox
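        chmod 4755 /bin/busybox
        with all that done, telnetd _should_ work....

        As far as the Linux kernel configuration is concerned, the defaults already satisfy this. My errors were mainly in the mdev initialization: because I was not familiar with mdev, I ordered the filesystem mounts badly, and it kept reporting that /dev/pts could not be found. For how to order things with mdev, see mdev.txt in the documentation.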

    -------------
    MDEV Primer
    -------------
    For those of us who know how to use mdev, a primer might seem lame. For
    everyone else, mdev is a weird black box that they hear is awesome, but can't
    seem to get their head around how it works. Thus, a primer.
    -----------
    Basic Use
    -----------
    Mdev has two primary uses: initial population and dynamic updates. Both
    require sysfs support in the kernel and have it mounted at /sys. For dynamic
    updates, you also need to have hotplugging enabled in your kernel.
    Here's a typical code snippet from the init script:
    [1] mount -t sysfs sysfs /sys
    [2] echo /bin/mdev > /proc/sys/kernel/hotplug
    [3] mdev -s
    Of course, a more "full" setup would entail executing this before the previous
    code snippet:
    [4] mount -t tmpfs mdev /dev
    [5] mkdir /dev/pts
    [6] mount -t devpts devpts /dev/pts
    The simple explanation here is that [1] you need to have /sys mounted before
    executing mdev. Then you [2] instruct the kernel to execute /bin/mdev whenever
    a device is added or removed so that the device node can be created or
    destroyed. Then you [3] seed /dev with all the device nodes that were created
    while the system was booting.
    For the "full" setup, you want to [4] make sure /dev is a tmpfs filesystem
    (assuming you're running out of flash). Then you want to [5] create the
    /dev/pts mount point and finally [6] mount the devpts filesystem on it.
    -------------
    MDEV Config (/etc/mdev.conf)
    -------------
    Mdev has an optional config file for controlling ownership/permissions of
    device nodes if your system needs something more than the default root/root
    660 permissions.
    The file has the format:
             :
    For example:
            hd[a-z][0-9]* 0:3 660
    The config file parsing stops at the first matching line. If no line is
    matched, then the default of 0:0 660 is used. To set your own default, simply
    create your own total match like so:
            .* 1:1 777
    If you also enable support for executing your own commands, then the file has
    the format:
             :  [ ]
    The special characters have the meaning:
            @ Run after creating the device.
            $ Run before removing the device.
            * Run both after creating and before removing the device.
    The command is executed via the system() function (which means you're giving a
    command to the shell), so make sure you have a shell installed at /bin/sh.
    For your convenience, the shell env var $MDEV is set to the device name. So if
    the device 'hdc' was matched, MDEV would be set to "hdc".
    ----------
    FIRMWARE
    ----------
    Some kernel device drivers need to request firmware at runtime in order to
    properly initialize a device. Place all such firmware files into the
    /lib/firmware/ directory. At runtime, the kernel will invoke mdev with the
    filename of the firmware which mdev will load out of /lib/firmware/ and into
    the kernel via the sysfs interface. The exact filename is hardcoded in the
    kernel, so look there if you need to want to know what to name the file in
    userspace.

        My initialization order after the changes is:

    [root@listentec ~]#cat /etc/fstab
    proc /proc proc defaults 0 0
    mdev /dev tmpfs defaults 0 0
    [root@listentec ~]#cat /etc/init.d/rcS
    #!/bin/sh
    # Initial Environment
    # mount /etc/fstab specified device
    /bin/mount -a
    # mount devpts in order to use telnetd
    /bin/mkdir /dev/pts
    /bin/mount -t devpts devpts /dev/pts
    # read the busybox docs: mdev.txt
    /bin/mount -t sysfs sysfs /sys
    /bin/echo /sbin/mdev > /proc/sys/kernel/hotplug
    /sbin/mdev -s
    # when mdev is mounted, /sys can be umounted
    /bin/umount /sys

        With this, there were no more problems.

    [root@listentec ~]#cat /etc/inittab
    ::sysinit:/etc/init.d/rcS
    ::respawn:-/bin/login
    ::restart:/sbin/init
    ::once:/sbin/telnetd -l /bin/login
    ::ctrlaltdel:/sbin/reboot
    ::shutdown:/bin/umount -a -r
    ::shutdown:/sbin/swapoff -a

        For now it can only be started standalone; using inetd does not work yet. After testing, there are no problems.

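    As for what the telnet service is, most people presumably already know, and many articles have explained it clearly. I have only collected some related problems here; I hope it is of some help.
    The following was tested on Linux Asianux 2.0.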

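    1. Problem: how to allow the root user to log in:
    Because telnet is inherently an insecure transport, root cannot log in over telnet by default. The specific fixes:
    Method 1: in /etc/pam.d/login there is by default a line:
        auth required /lib/security/pam_securetty.so
        Comment out that line and there is no restriction at all, so root can of course log in directly over telnet.
    Method 2: if that line is not commented out, the check is enforced, so we remove the rules it checks by renaming the /etc/securetty file.
        That file specifies that root may log in only on terminals tty1~tty6; see "man login" for details.
    Method 3: if that line is not commented out, the check is enforced, so we change the rules by adding the following lines to /etc/securetty:
        pts/1
        pts/2
        .
        pts/11
    After making any of the above changes, restart the xinetd service for them to take effect.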
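
    Seen from the audit side, each of the three methods above leaves a trace in /etc/pam.d/login or /etc/securetty. The following is an added example, not part of the original post: the function name and messages are made up for illustration, and it assumes the PAM module that enforces /etc/securetty is pam_securetty.so.

```shell
#!/bin/sh
# Added example (not from the original post): find the three root-login
# relaxations described above. Paths are arguments so copies can be audited.

# Prints one finding per line; prints nothing when the defaults are intact.
audit_root_telnet() {
    pam_login=$1    # normally /etc/pam.d/login
    securetty=$2    # normally /etc/securetty

    # Method 1: no active (uncommented) auth line loads pam_securetty.so.
    if ! grep -Eq '^[[:space:]]*auth[[:space:]]+[^#]*pam_securetty\.so' \
            "$pam_login" 2>/dev/null; then
        echo "pam_securetty is not enforced in $pam_login"
    fi

    # Method 2: the securetty file was renamed or removed.
    if [ ! -e "$securetty" ]; then
        echo "$securetty is missing"
        return 0
    fi

    # Method 3: pseudo-terminals (network logins) are listed for root.
    grep -E '^[[:space:]]*pts/[0-9]+' "$securetty" | while read -r tty; do
        echo "root login allowed on $tty"
    done
}

# Constructed sample files showing Methods 1 and 3 applied together.
demo_dir=$(mktemp -d)
printf '%s\n' '#auth required /lib/security/pam_securetty.so' > "$demo_dir/login"
printf '%s\n' tty1 tty2 pts/1 pts/2 > "$demo_dir/securetty"
audit_root_telnet "$demo_dir/login" "$demo_dir/securetty"
rm -rf "$demo_dir"
```
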

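    2. Error: 21:41:55 xmpan xinetd[6137]: Deactivating service stelnet due to excessive incoming connections. Restarting in 30 seconds.

    Solution:
    The error message shows that the maximum number of simultaneous connections allowed for the stelnet service managed by xinetd was insufficient, so xinetd suspended the service for 30 seconds.

    Therefore, change the cps value in the /etc/xinetd.d/stelnetd configuration to what is actually needed, and restart the xinetd service for it to take effect.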


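    3. Problem: cannot log in with telnet; when the client connects, the system reports: telnetd:all network ports in use; the ssh service also does not respond

    Solution:
    ssh and telnet need the terminal numbers under /dev/pts; if it is mounted the wrong way, the corresponding pts numbers cannot be allocated. Check how /dev/pts is mounted in /etc/fstab.
    The user's entry was:
     none               /dev/pts         tmpfs   defaults        0 0
    The filesystem type is wrong.
    It should be written as:
    none     /dev/pts     devpts     gid=5,mode=620     0 0
    Then remount the filesystems with the command:
    mount -o remount -a
    Then restart the service.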
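
    Both the "/dev/pts not found" error in the busybox section and the "all network ports in use" error here come down to what is mounted on /dev/pts. The following check is an added example, not part of the original post; the function names are made up for illustration, and the sample tables are constructed from the two fstab lines shown above.

```shell
#!/bin/sh
# Added example (not from the original post): confirm /dev/pts is devpts.
# /etc/fstab and /proc/mounts share the layout: device mountpoint fstype ...

# Print the filesystem type of the last /dev/pts entry in a mount table.
pts_fstype() {
    awk '$1 !~ /^#/ && $2 == "/dev/pts" { t = $3 }
         END { if (t != "") print t }' "$1"
}

# Return 0 only when the table puts devpts on /dev/pts; say why otherwise.
check_pts() {
    fstype=$(pts_fstype "$1")
    case "$fstype" in
        devpts) echo "ok: /dev/pts is devpts"; return 0 ;;
        "")     echo "fail: no /dev/pts entry, telnetd cannot allocate a pty"; return 1 ;;
        *)      echo "fail: /dev/pts is $fstype, expected devpts"; return 1 ;;
    esac
}

# Constructed tables: the wrong and the corrected fstab line from problem 3.
demo_dir=$(mktemp -d)
printf '%s\n' 'none /dev/pts tmpfs defaults 0 0' > "$demo_dir/fstab.bad"
printf '%s\n' 'none /dev/pts devpts gid=5,mode=620 0 0' > "$demo_dir/fstab.good"
check_pts "$demo_dir/fstab.bad" || true
check_pts "$demo_dir/fstab.good"
rm -rf "$demo_dir"
```

    On a running board, pass /proc/mounts to see what is mounted now and /etc/fstab to see what the next boot will mount.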


    4. Problem: [root@xmpan xinetd.d]# telnet 10.133.128.70
     Trying 10.133.128.70...
     Connected to xmpan (10.133.128.70).
     Escape character is '^]'.
    Unencrypted connection refused. Goodbye.
    Connection closed by foreign host.

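    Solution:
    This is probably because the krb5-telnet service is enabled on this system.
    Set disable = yes in /etc/xinetd.d/ekrb5-telnet, then restart the xinetd service.

    Note: the difference between krb5-telnet and telnet:
    krb5-telnet is attached to the xinetd service; it is not a standalone process. Its configuration file says: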
    # default: off
    # description: The kerberized telnet server accepts normal telnet sessions, but can also use Kerberos 5 authentication.
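    How to enable the service:
    Set disable to no in /etc/xinetd.d/krb5-telnet and restart xinetd to enable the telnet service.
    By default root is not allowed to log in. It accepts normal telnet logins but can also use Kerberos 5 authentication.

    telnet is also attached to the xinetd service; the configuration file for changing the service's state is /etc/xinetd.d/telnet.
    Its description is quite clear; it reads: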
    The telnet server serves telnet sessions; it uses unencrypted username/password pairs for authentication.
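    That is, it authenticates with unencrypted username/password pairs, and it is enabled by default.

    5. Problem: telnet login is very slow?
    Solution:
    Method 1: comment out the nameserver in /etc/resolv.conf. But if it is commented out, the server can no longer reach the external network.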
      [root@lxmpan etc]# cat resolv.conf
      search localdomain
      #nameserver 172.16.80.15
    Another method: add a line to the client's /etc/hosts file mapping the hostname to this machine's IP. This will certainly not affect network speed.
