配置telnet
通过配置文件,我们可以设置telnet的连接时间、连接数、连接ip等,实现更加安全的连接
1、设置连接时间,参数“access_times”
[root@localhost wj]# gedit /etc/xinetd.d/telnet
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = no
access_times = 08:00-09:00 13:00-15:00 //规定允许连接的时间段8~9点,13~15点
}
[root@localhost wj]# service xinetd restart //重启服务
停止 xinetd: [确定]
正在启动 xinetd: [确定]
[root@localhost wj]# telnet 192.168.0.119 //尝试连接
Trying 192.168.0.119...
Connected to 192.168.0.119.
Escape character is '^]'.
Connection closed by foreign host. //连接失败
2、设置连接数,通过参数“instances”可以设置允许的连接数,超过之后就无法再连接了
[root@localhost wj]# gedit /etc/xinetd.d/telnet
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = no
instances = 1 //这里设置只允许一个连接,第二个就无法连接了
}
[root@localhost wj]# service xinetd restart //重启服务
停止 xinetd: [确定]
正在启动 xinetd: [确定]
[root@localhost wj]# telnet 192.168.0.119 //第一个连接
Connected to 192.168.0.119.
login: david
Password:
Last login: Thu Aug 16 09:10:22 from 192.168.0.119
already login //成功
[root@localhost wj]# telnet 192.168.0.119 //第二个连接
Connected to 192.168.0.119.
Connection closed by foreign host. //失败
3、允许/禁止特定的ip或者网段登录,参数“only-from”“no_access”
[root@localhost wj]# gedit /etc/xinetd.d/telnet
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = no
only_from = 192.168.0.113 //只允许113连接
# only_from = 192.168.0.0/24 //允许1~254连接
# only_from = 192.168.0.100-192.168.0.200 //允许100~200连接
# only_from = 192.168.0. //允许113和114连接
# no_access = 192.168.0.113 //禁止113连接,其他写法同上
}
4、允许root连接。只要将文件“/etc/securetty”删除,那么系统读不到这个文件,自然就会永续root登录
[root@localhost wj]# mv /etc/securetty /etc/securetty.bak //重命名该文件
[root@localhost wj]# service xinetd restart //重启服务
停止 xinetd: [确定]
正在启动 xinetd: [确定]
[root@localhost wj]# telnet 192.168.0.119 //连接
Trying 192.168.0.119...
Connected to 192.168.0.119.
login: root //使用root用户连接
Password:
Last login: Thu Aug 16 07:51:45 from 192.168.0.119
already login //连接成功
通过配置文件,我们可以设置telnet的连接时间、连接数、连接ip等,实现更加安全的连接
1、设置连接时间,参数“access_times”
[root@localhost wj]# gedit /etc/xinetd.d/telnet
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = no
access_times = 08:00-09:00 13:00-15:00 //规定允许连接的时间段8~9点,13~15点
}
[root@localhost wj]# service xinetd restart //重启服务
停止 xinetd: [确定]
正在启动 xinetd: [确定]
[root@localhost wj]# telnet 192.168.0.119 //尝试连接
Trying 192.168.0.119...
Connected to 192.168.0.119.
Escape character is '^]'.
Connection closed by foreign host. //连接失败
2、设置连接数,通过参数“instances”可以设置允许的连接数,超过之后就无法再连接了
[root@localhost wj]# gedit /etc/xinetd.d/telnet
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = no
instances = 1 //这里设置只允许一个连接,第二个就无法连接了
}
[root@localhost wj]# service xinetd restart //重启服务
停止 xinetd: [确定]
正在启动 xinetd: [确定]
[root@localhost wj]# telnet 192.168.0.119 //第一个连接
Connected to 192.168.0.119.
login: david
Password:
Last login: Thu Aug 16 09:10:22 from 192.168.0.119
already login //成功
[root@localhost wj]# telnet 192.168.0.119 //第二个连接
Connected to 192.168.0.119.
Connection closed by foreign host. //失败
3、允许/禁止特定的ip或者网段登录,参数“only-from”“no_access”
[root@localhost wj]# gedit /etc/xinetd.d/telnet
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = no
only_from = 192.168.0.113 //只允许113连接
# only_from = 192.168.0.0/24 //允许1~254连接
# only_from = 192.168.0.100-192.168.0.200 //允许100~200连接
# only_from = 192.168.0. //允许113和114连接
# no_access = 192.168.0.113 //禁止113连接,其他写法同上
}
4、允许root连接。只要将文件“/etc/securetty”删除,那么系统读不到这个文件,自然就会永续root登录
[root@localhost wj]# mv /etc/securetty /etc/securetty.bak //重命名该文件
[root@localhost wj]# service xinetd restart //重启服务
停止 xinetd: [确定]
正在启动 xinetd: [确定]
[root@localhost wj]# telnet 192.168.0.119 //连接
Trying 192.168.0.119...
Connected to 192.168.0.119.
login: root //使用root用户连接
Password:
Last login: Thu Aug 16 07:51:45 from 192.168.0.119
already login //连接成功
936
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
