Category: LINUX

2009-08-17 17:09:18

1. Check whether TELNET is already enabled
linux:~ # chkconfig -list |grep telnet
        telnet:             off
2. View the TELNET startup configuration file
linux:/etc/xinetd.d # more telnet  
# default: off
# description: Telnet is the old login server which is INSECURE and should \
#       therefore not be used. Use secure shell (openssh).
#       If you need telnetd not to "keep-alives" (e.g. if it runs over a ISDN \
#       uplink), add "-n".  See 'man telnetd' for more details.
service telnet
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        disable         = yes
}
At this point, logging in via TELNET still does not work.
3. Enable it as follows
linux:/etc/xinetd.d # chkconfig telnet on
linux:/etc/xinetd.d # chkconfig -list |grep telnet
        telnet:             on
linux:/etc/xinetd.d # ls
4. Look at the configuration file again: the disable line is no longer there
linux:/etc/xinetd.d # more telnet
# default: off
# description: Telnet is the old login server which is INSECURE and should \
#       therefore not be used. Use secure shell (openssh).
#       If you need telnetd not to "keep-alives" (e.g. if it runs over a ISDN \
#       uplink), add "-n".  See 'man telnetd' for more details.
service telnet
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
}
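However, logging in via TELNET still does not work at this point.
5. xinetd has to be restarted: TELNET is embedded in the xinetd super-server and must be started through it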
linux:/etc/init.d # ./xinetd stop
Shutting down xinetd:                                                                                                                            done
linux:/etc/init.d # ./xinetd start
Starting INET services. (xinetd)                                                                                                                 done
linux:/etc/init.d #
Other normal users can now log in via TELNET, but ROOT cannot, as shown below:
Welcome to SUSE LINUX Enterprise Server 9 (i586) - Kernel 2.6.5-7.97-smp (1).
linux login: root
Password:
Login incorrect

linux login: root
Password:
Login incorrect

linux login: oracle
Password:
Last login: Thu Jun 18 13:28:28 from 118.29.25.113
:~>

5. Do the following to allow ROOT to log in; not recommended, for security reasons
linux:/etc # mv securetty securetty.bak     # this step is required
linux:/etc #
linux:/etc # more ftpusers
pop
postfix
postgres
#root          (comment out root by putting a # in front of it)
sapdb
skyrix
squid
uucp
virtuoso
After saving and exiting, ROOT can log in, as shown below:
Welcome to SUSE LINUX Enterprise Server 9 (i586) - Kernel 2.6.5-7.97-smp (1).
linux login: root
Password:
2 failures since last login.  Last was 14:25:24 on 1.
You have new mail in /var/mail/root.
Last login: Fri Jun 19 14:11:14 from 118.29.25.112
linux:~ #
6. Allow login from only one IP, e.g. 223.78.75.188
linux:/etc/xinetd.d # vi telnet
 
# default: off
# description: Telnet is the old login server which is INSECURE and should \
#       therefore not be used. Use secure shell (openssh).
#       If you need telnetd not to "keep-alives" (e.g. if it runs over a ISDN \
#       uplink), add "-n".  See 'man telnetd' for more details.
service telnet
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        # parameter to add for this test
        only_from       = 223.78.75.188
}
After saving and exiting, restart the xinetd service as shown earlier (not repeated here).
After that, my computer 118.29.25.112 can no longer telnet in.
 
7. Allow my computer 118.29.25.112 to log in only during a certain time window, e.g. 15:30-16:00
linux:/etc/xinetd.d # vi telnet
 
# default: off
# description: Telnet is the old login server which is INSECURE and should \
#       therefore not be used. Use secure shell (openssh).
#       If you need telnetd not to "keep-alives" (e.g. if it runs over a ISDN \
#       uplink), add "-n".  See 'man telnetd' for more details.
service telnet
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        # parameters to add for this test
        only_from       = 118.29.25.112
        access_times    = 15:30-16:00
 
}
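After saving and exiting, restart the xinetd service as shown earlier (not repeated here).
TELNET does not work now either, because the time did not match when I tested.
If the window is changed to the correct 14:00-15:00, login works, as shown below: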
linux:/etc/xinetd.d # vi telnet
 
# default: off
# description: Telnet is the old login server which is INSECURE and should \
#       therefore not be used. Use secure shell (openssh).
#       If you need telnetd not to "keep-alives" (e.g. if it runs over a ISDN \
#       uplink), add "-n".  See 'man telnetd' for more details.
service telnet
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        # parameters to add for this test
        only_from       = 118.29.25.112
        access_times    = 14:00-15:00
 
}
Login attempt:
Welcome to SUSE LINUX Enterprise Server 9 (i586) - Kernel 2.6.5-7.97-smp (1).
linux login: oracle
Password:
Last login: Fri Jun 19 14:38:29 from 118.29.25.112
:~>
8. Allow each client at most 3 simultaneous TELNET connections to the server
linux:/etc/xinetd.d # vi telnet
 
# default: off
# description: Telnet is the old login server which is INSECURE and should \
#       therefore not be used. Use secure shell (openssh).
#       If you need telnetd not to "keep-alives" (e.g. if it runs over a ISDN \
#       uplink), add "-n".  See 'man telnetd' for more details.
service telnet
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        only_from       = 118.29.25.112
        access_times    = 14:00-15:00
        # parameter to add for this test
        per_source      = 3
 
}
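After saving and exiting, restart the xinetd service as shown earlier (not repeated here).
When connecting now, the 4th connection cannot be established.
9. Deny login from my computer 118.29.25.112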
linux:/etc/xinetd.d # vi telnet
 
# default: off
# description: Telnet is the old login server which is INSECURE and should \
#       therefore not be used. Use secure shell (openssh).
#       If you need telnetd not to "keep-alives" (e.g. if it runs over a ISDN \
#       uplink), add "-n".  See 'man telnetd' for more details.
service telnet
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        only_from       =  223.78.75.188
        # parameter to add for this test
        no_access       = 118.29.25.112
        access_times    = 14:00-15:00
        per_source      = 3               
 
}
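After saving and exiting, restart the xinetd service as shown earlier (not repeated here).
When my computer tries to connect now, it does not succeed.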

10. Disable the TELNET service
linux:~ # chkconfig telnet off
linux:~ # chkconfig -list |grep telnet
        telnet:             off
linux:~ #
For reference:
Change the instances value to change how many telnet terminals can be connected at the same time
instances       = 10
 
To configure a list of clients that are denied login, add
# deny login from 192.168.0.2, 192.168.0.3 and 192.168.0.4
no_access    = 192.168.0.{2,3,4}
    
To set the hours during which the service is open, add
# the service is open only during these two periods each day (our working hours :P)
access_times =  9:00-12:00 13:00-17:00
    
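If you have two IP addresses, a private one such as 192.168.0.2 and a public one such as 218.75.74.83, and you want users to be able to log in to the telnet service only from the private network, add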
bind = 192.168.0.2
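
An added example, not part of the original post: a small Python audit that parses xinetd service files in the format shown above and reports which of the restrictions from steps 6 to 9 and the reference notes (only_from, per_source/instances, bind) an enabled service is missing. The sample files are constructed from the post's listings, the function names and finding texts are this example's own, and defaults set in /etc/xinetd.conf are not taken into account.

```python
import re
import sys

# Constructed samples modelled on the post's files in steps 4, 8 and 2.
BASE = ("service telnet\n{\n  socket_type = stream\n  user = root\n"
        "  server = /usr/sbin/in.telnetd\n%s}\n")
STEP4 = BASE % ""
STEP8 = BASE % ("  only_from = 118.29.25.112\n  access_times = 14:00-15:00\n"
                "  per_source = 3\n")
STEP2 = BASE % "  disable = yes\n"

ATTR = re.compile(r"^(\w+)\s*\+?=\s*(.*)$")  # '=' and '+='; '-=' lines are skipped

def parse_services(text):
    """Parse 'service NAME { attr = value ... }' blocks into {name: {attr: [values]}}."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # comment: first non-blank char is '#'
            continue
        if line.startswith("service "):
            current = services.setdefault(line.split()[1], {})
        elif line == "}":
            current = None
        elif current is not None and (m := ATTR.match(line)):
            current.setdefault(m.group(1), []).extend(m.group(2).split())
    return services

def audit(text):
    """Return {service: [findings]} for each service not marked 'disable = yes'."""
    report = {}
    for name, attrs in parse_services(text).items():
        if attrs.get("disable") == ["yes"]:
            continue  # disabled in this file, nothing to report
        findings = []
        if name == "telnet":
            findings.append("cleartext login service is enabled")
        if "only_from" not in attrs:
            findings.append("no only_from allow-list")
        if not {"per_source", "instances"} & attrs.keys():
            findings.append("no per_source or instances limit")
        if not {"bind", "interface"} & attrs.keys():
            findings.append("no bind address, listens on all interfaces")
        report[name] = findings
    return report

if __name__ == "__main__":
    for text in [open(p).read() for p in sys.argv[1:]] or [STEP4, STEP8, STEP2]:
        print(audit(text))
```

Pass one or more files from /etc/xinetd.d as arguments to audit a real host; with no arguments it reports on the three constructed samples.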