|
一、
查看TELNET 是否已安装 出于安全考虑telnet-server.rpm 是默认没有安装的,而telnet 的客户端是标配。 linux: ~#rpm -qa telnet-server
如果没有安装,请安装telnet-server
如果需要加载光盘则进行加载后将server 的rpm 包复制到/tmp 下
linux: ~#mount –t iso9660 /dev/cdom /mnt/cdrom 到/tmp 目录下进行安装
linux: /tmp#rpm -ivh telnet-server*.i586.rpm
二、
重新启动xinetd 守护进程 由于telnet 服务也是由xinetd 守护的,所以安装完telnet-server ,要启动telnet 服务就必须重新启动xinetd
linux: ~#service xinetd restart 查看TELNET 是否已经启动 linux:~ # chkconfig -list |grep telnet
telnet: off 三、查看TELNET 的启动配置文件信息 增加disable = no ( 默认是yes, 默认不开启telnet 服务)
linux:/etc/xinetd.d # more telnet
# default: off
# description: Telnet is the old login server which is INSECURE and should /
# therefore not be used. Use secure shell (openssh).
# If you need telnetd not to "keep-alives" (e.g. if it runs over a ISDN /
# uplink), add "-n". See 'man telnetd' for more details.
service telnet
{
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/in.telnetd
disable = no
}
四、采用如下方法启动
linux:/etc/xinetd.d # chkconfig telnet on
linux:/etc/xinetd.d # chkconfig -list |grep telnet
telnet: on
linux:/etc/xinetd.d # ls 五、再来查看配置文件信息发现那个disable 没有存在了
linux:/etc/xinetd.d # more telnet
# default: off
# description: Telnet is the old login server which is INSECURE and should /
# therefore not be used. Use secure shell (openssh).
# If you need telnetd not to "keep-alives" (e.g. if it runs over a ISDN /
# uplink), add "-n". See 'man telnetd' for more details.
service telnet
{
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/in.telnetd
}
六、需要对xinetd 进行重新启动,因为TELNET 是嵌入到了xinetd 这个超级进程中,必须通过它来进行启动
linux:/etc/init.d # ./xinetd stop
Shutting down xinetd: done
linux:/etc/init.d # ./xinetd start
Starting INET services. (xinetd) done
linux:/etc/init.d # 先测试telnet localhost 是否可以登录 linux: telnet localhost Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Welcome to SUSE LINUX 10.1 (i586) - Kernel 2.6.16.21-0.25-default (1). 但从外部机器进行telnet 不成功,报无法连接到23 端口,考虑是防火墙有问题。 Yast 进行防火墙配置,将防火墙关闭,从外部机器telnet 成功。 但同时又发现一个问题: 可以通过其他正常用户TELNET 登陆,但是无法使用ROOT 登陆,信息如下
Welcome to SUSE LINUX 10.1 (i586) - Kernel 2.6.16.21-0.25-default (1). linux login: root
Password:
Login incorrect
linux login: root
Password:
Login incorrect
linux login: suse
Password:
Last login: Sat May 8 22:25:27 CST 2010 from 192.168.1.101 on pts/0
suse:~>
七、做如下操作使得ROOT 可以登陆
linux:/etc #
linux:/etc # vi /etc/pam.d/login
#auth required pam_securetty.so
保存退出 后,然后就可以使用ROOT 登陆了,信息如下
Welcome to SUSE LINUX 10.1 (i586) - Kernel 2.6.16.21-0.25-default (1). linux login: root
Password:
You have new mail in /var/mail/root.
linux:~ # 八、只允许某个IP 登陆,如192.168.1.101
linux:/etc/xinetd.d # vi telnet
# default: off
# description: Telnet is the old login server which is INSECURE and should /
# therefore not be used. Use secure shell (openssh).
# If you need telnetd not to "keep-alives" (e.g. if it runs over a ISDN /
# uplink), add "-n". See 'man telnetd' for more details.
service telnet
{
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/in.telnetd
only_from = 192.168.1.101 ----- 这一步测试需要写入的参数
}
保存退出后,重启动xinetd 服务,之后通过我的电脑192.168.1.239 则无法telnet 了 九、只允许我的电脑192.168.1.239 在某个时间段登陆,如08 :30-23 :00
linux:/etc/xinetd.d # vi telnet
# default: off
# description: Telnet is the old login server which is INSECURE and should /
# therefore not be used. Use secure shell (openssh).
# If you need telnetd not to "keep-alives" (e.g. if it runs over a ISDN /
# uplink), add "-n". See 'man telnetd' for more details.
service telnet
{
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/in.telnetd
only_from = 192.168.1.239 ----- 这一步测试需要写入的参数
access_times = 08:30-23:00 ----- 这一步测试需要写入的参数
}
保存退出后,重启动xinetd 服务,此时也无法TELNET 了,因为时间不匹配,我的suse 的时间还是中午12 点多,测试的时候
若把时间改为正确的(date -s ‘2010-05-08 22:30:00’ )则可以登 陆,信息如下
linux:/etc/xinetd.d # vi telnet
# default: off
# description: Telnet is the old login server which is INSECURE and should /
# therefore not be used. Use secure shell (openssh).
# If you need telnetd not to "keep-alives" (e.g. if it runs over a ISDN /
# uplink), add "-n". See 'man telnetd' for more details.
service telnet
{
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/in.telnetd
only_from = 192.168.1.239 ----- 这一步测试需要写入的参数
access_times = 08:30-23:00 ----- 这一步测试需要写入的参数
}
尝试登陆
Welcome to SUSE LINUX 10.1 (i586) - Kernel 2.6.16.21-0.25-default (1). linux login: suse
Password:
suse:~> 八、允许每个客户端最多同时有3 个TELNET 联系到服务器
linux:/etc/xinetd.d # vi telnet
# default: off
# description: Telnet is the old login server which is INSECURE and should /
# therefore not be used. Use secure shell (openssh).
# If you need telnetd not to "keep-alives" (e.g. if it runs over a ISDN /
# uplink), add "-n". See 'man telnetd' for more details.
service telnet
{
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/in.telnetd
only_from = 192.168.1.239
access_times = 08:30-30:00
per_source = 3 ----- 这一步测试需要写入的参数
}
保存退出后,重启动xinetd 服务,前面有过,此处不重复
此时去连接的时候,到第4 个连接是无法连上的 九、禁止我的电脑192.168.1.239 登陆
linux:/etc/xinetd.d # vi telnet
# default: off
# description: Telnet is the old login server which is INSECURE and should /
# therefore not be used. Use secure shell (openssh).
# If you need telnetd not to "keep-alives" (e.g. if it runs over a ISDN /
# uplink), add "-n". See 'man telnetd' for more details.
service telnet
{
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/in.telnetd
only_from = 192.168.1.101
no_access = 192.168.1.239 ----- 这一步测试需要写入的参数
access_times = 14:00-15:00
per_source = 3
}
保存退出后,重启动xinetd 服务, 此时我的电脑去连接 的时候, 是无法成功的
十、关闭TELNET 服务
linux:~ # chkconfig telnet off
linux:~ # chkconfig -list |grep telnet
telnet: off
linux:~ #
以下是参考:
修改instances 的数量, 修改可同时连接的telnet 终端数量
instances = 10
如果要配置禁止登录的客户端列表,加入
no_access = 192.168.0.{2,3,4} # 禁止192.168.0.2 、192.168.0.3 、192.168.0.4 登录
如果要设置开放时段,加入
access_times = 9:00-12:00 13:00-17:00 # 每天只有这两个时段开放服务(我们的上班时间:P )
如果你有两个 IP 地址,一个是私网的IP 地址如192.168.0.2 ,一个是公网的IP 地址如218.75.74.83 ,如果你希望用户只能从私网来登录 telnet 服务,那么加入
bind = 192.168.0.2 | 
扫一扫
4274
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
