Linux作業系統開啟Telnet服務
安裝xinted
sudo apt-get install xinetd telnetd
設定xinted config
sudo vi /etc/xinetd.conf加入以下內容:
# Simple configuration file for xinetd# # Some defaults, and include /etc/xinetd.d/ defaults { # Please note that you need a log_type line to be able to use log_on_success # and log_on_failure. The default is the following : # log_type = SYSLOG daemon info instances = 60 log_type = SYSLOG authpriv log_on_success = HOST PID log_on_failure = HOST cps = 25 30 } includedir /etc/xinetd.dsudo vi /etc/xinetd.d/telnet加入以下內容:
# default: on # description: The telnet server serves telnet sessions; it uses # unencrypted username/password pairs for authentication. service telnet { disable = no flags = REUSE socket_type = stream wait = no user = root server = /usr/sbin/in.telnetd log_on_failure += USERID }重啟網路服務
sudo /etc/init.d/xinetd restart
使用TELNET Client遠程登錄,即可進行非root用戶訪問
使用root登錄:
修改/etc/pam.d/login,下面一行註釋掉即可。
#auth required lib/security/pam_securetty.so設定/etc/xinetd.d/telnet
service telnet { disable =no bind =192.168.1.2 only_from=192.168.1.0/24 #上面這兩行說明僅提供內部網段! Instance =UNLIMITED Nice =0 Flags =REUSE socket_type=stream wait =no user =root #server =/usr/sbin/telnetd server =/usr/sbin/in.telnetd server_args =-a none log_on_failure +=USERID }service telnet { disable =no bind =140.116.142.196 only_from=140.116.0.0/16 no_access=140.116.32.{10,26} #上面三行設置外部較為嚴格的限制 instance =10 umask =022 nice =10 flags =REUSE socket_type=stream wait =no user =root #server =/usr/sbin/telnetd server =/usr/sbin/in.telnetd log_on_failure +=USERID }加設防火牆,使用iptables:
針對193.16.0.0/24這個網段及61.xxx.xxx.xxx這個IP進行telnet開放,增加下面幾行規則:/sbin/iptables -A INPUT -p tcp -i eth0 -s 193.16.0.0/24 --dport 23 -j ACCEPT /sbin/iptables -A INPUT -p tcp -i eth0 -s 61.xxx.xxx.xxx --dport 23 -j ACCEPT /sbin/iptables -A INPUT -p tcp -i eth0 --dport 23 -j DROP加設防火牆,使用/etc/hosts.allow(deny):
上面開放了193.16.0.0/24這個網段,如果只想讓其中的193.16.0.1~5進入,vi /etc/hosts.allowin.telnetd:193.16.0.1,193.16.0.2,193.16.0.3,193.16.0.4,193.16.0.5:allow