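Service Management: telnet
1. telnet server and client
What is Telnet?
The Telnet protocol is a member of the TCP/IP protocol suite and is the standard protocol and main method for Internet remote login services. It gives users the ability to work on a remote host from the local computer. The end user runs a telnet program on their own computer and uses it to connect to the server. Commands typed into the telnet program run on the server, just as if they had been entered directly at the server's console, so the server can be controlled from the local machine. To start a telnet session, you must enter a user name and password to log in to the server. Telnet is a commonly used method of remotely controlling web servers.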
[plain]
#Server01: install the telnet server
[root@serv01 xinetd.d]# yum install telnet-server* -y
#Enable the service
[root@serv01 xinetd.d]# chkconfig telnet on
#Restart the xinetd service
[root@serv01 xinetd.d]# /etc/init.d/xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
#Check the network status again
[root@serv01 xinetd.d]# netstat -langput |grep "telnet"
tcp 0 0 192.168.1.11:23 192.168.1.12:57169 ESTABLISHED 2488/in.telnetd: 19
[root@serv01 xinetd.d]# netstat -langput |grep "xin"
tcp 0 0 :::22 :::* LISTEN 2486/xinetd
tcp 0 0 :::23 :::* LISTEN 2486/xinetd
#Server02: install the telnet client
[root@serv02 .ssh]# yum install telnet -y
#The client logs in remotely over telnet; note that you must use an ordinary (non-root) user
[root@serv02 .ssh]# telnet 192.168.1.11
Trying 192.168.1.11...
Connected to 192.168.1.11.
Escape character is '^]'.
Red Hat Enterprise Linux Server release 6.1 (Santiago)
Kernel 2.6.32-131.0.15.el6.x86_64 on an x86_64
login: hongyi
Password:
Last login: Tue Aug 6 19:44:31 from 192.168.1.1
[hongyi@serv01 ~]$
2. Characteristics of telnet
[plain]
#telnet transmits everything in cleartext and does not allow root login
#We usually log in as an ordinary user and then switch to root with su -.
[root@serv02 .ssh]# telnet 192.168.1.11
Trying 192.168.1.11...
Connected to 192.168.1.11.
Escape character is '^]'.
Red Hat Enterprise Linux Server release 6.1 (Santiago)
Kernel 2.6.32-131.0.15.el6.x86_64 on an x86_64
login: root
Password:
Login incorrect
[root@serv01 xinetd.d]# pwd
/etc/xinetd.d
[root@serv01 xinetd.d]# cat telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
}
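#service ssh: the service name must be unique; do not repeat it
3. Allowing telnet access only from a given IP or network range (only_from)
[plain]
#Edit the file so that only 192.168.1.12 is allowed to connect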
[root@serv01 xinetd.d]# vim telnet
[root@serv01 xinetd.d]# cat telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
only_from = 192.168.1.12
}
#Restart the service
[root@serv01 xinetd.d]# /etc/init.d/xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
#serv02 can connect normally
[root@serv02 .ssh]# telnet 192.168.1.11
Trying 192.168.1.11...
Connected to 192.168.1.11.
Escape character is '^]'.
Red Hat Enterprise Linux Server release 6.1 (Santiago)
Kernel 2.6.32-131.0.15.el6.x86_64 on an x86_64
login: hongyi
Password:
Last login: Tue Aug 6 23:20:57 from 192.168.1.12
[hongyi@serv01 ~]$ exit
logout
Connection closed by foreign host.
[root@serv02 .ssh]#
#serv03 cannot connect
[root@serv03 .ssh]# yum install telnet -y
[root@serv03 .ssh]# telnet 192.168.1.11
Trying 192.168.1.11...
Connected to 192.168.1.11.
Escape character is '^]'.
Connection closed by foreign host.
#Network ranges: 192.168.1.0/24 172.16.1.0/24
#192.168.1.0/255.255.255.0 X (this form does not work)
#access_times = 8:30-17:00
4. Denying telnet access from a given IP or network range (no_access)
[plain]
#no_access
[root@serv01 xinetd.d]# vim telnet
[root@serv01 xinetd.d]# cat telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
no_access = 192.168.1.12
}
[root@serv01 xinetd.d]# /etc/init.d/xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
[root@serv02 .ssh]# telnet 192.168.1.11
Trying 192.168.1.11...
Connected to 192.168.1.11.
Escape character is '^]'.
Connection closed by foreign host.
[root@serv03 .ssh]# telnet 192.168.1.11
Trying 192.168.1.11...
Connected to 192.168.1.11.
Escape character is '^]'.
Red Hat Enterprise Linux Server release 6.1 (Santiago)
Kernel 2.6.32-131.0.15.el6.x86_64 on an x86_64
login: hongyi
Password:
Last login: Tue Aug 6 23:41:22 from 192.168.1.12
[hongyi@serv01 ~]$
#Network range
[root@serv01 xinetd.d]# vim telnet
[root@serv01 xinetd.d]# cat telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
only_from = 192.168.1.0/24
}
[root@serv01 xinetd.d]# /etc/init.d/xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
[root@serv02 .ssh]# telnet 192.168.1.11
Trying 192.168.1.11...
Connected to 192.168.1.11.
Escape character is '^]'.
Red Hat Enterprise Linux Server release 6.1 (Santiago)
Kernel 2.6.32-131.0.15.el6.x86_64 on an x86_64
login: hongyi
Password:
Last login: Tue Aug 6 23:46:23 from 192.168.1.13
[hongyi@serv01 ~]$
[root@serv03 .ssh]# telnet 192.168.1.11
Trying 192.168.1.11...
Connected to 192.168.1.11.
Escape character is '^]'.
Red Hat Enterprise Linux Server release 6.1 (Santiago)
Kernel 2.6.32-131.0.15.el6.x86_64 on an x86_64
login: hongyi
Password:
Last login: Tue Aug 6 23:48:15 from 192.168.1.12
[hongyi@serv01 ~]$
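5. Allowing or denying telnet access during a time period (access_times, deny_time)
[plain]
#telnet access can be allowed or denied during a time period by means of the access_times and deny_time parameters. For example: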
#access_times 8:00-17:30
#deny_time 15:00-17:30
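
The access rules from sections 3 to 5, as an added example that is not part of the original page: a small Python model of how `only_from`, `no_access` and `access_times` decide whether a client gets a login prompt, useful for checking a stanza before restarting xinetd. It assumes only literal IPv4 addresses and CIDR ranges (the forms used above), models xinetd's "better match wins" rule between `only_from` and `no_access` as longest prefix, and treats a tie as a denial; `STANZA`, `parse_service`, `best_match`, `in_window` and `allowed` are names made up for this sketch.

```python
import ipaddress
from datetime import time

# Constructed stanza modelled on the page's /etc/xinetd.d/telnet; %s is the rule under test.
STANZA = "service telnet\n{\n  disable = no\n  server = /usr/sbin/in.telnetd\n  %s\n}"

def parse_service(text):
    """Collect 'key = value ...' attributes of one stanza into {key: [values]}."""
    attrs = {}
    for raw in text.splitlines():
        key, sep, val = raw.split("#", 1)[0].partition("=")
        if sep:
            attrs.setdefault(key.strip(" \t+"), []).extend(val.split())
    return attrs

def best_match(addr, entries):
    """Longest prefix among the entries that contain addr, or -1 if none does."""
    nets = (ipaddress.ip_network(e, strict=False) for e in entries)
    return max((n.prefixlen for n in nets if addr in n), default=-1)

def in_window(now, windows):
    """True if now lies inside any hour:min-hour:min interval."""
    for w in windows:
        start, end = (time(*map(int, t.split(":"))) for t in w.split("-"))
        if start <= now <= end:
            return True
    return False

def allowed(conf, client_ip, now):
    """Model of xinetd's decision for one connection (assumptions in the lead-in)."""
    a = parse_service(conf)
    addr = ipaddress.ip_address(client_ip)
    allow = best_match(addr, a.get("only_from", []))
    deny = best_match(addr, a.get("no_access", []))
    if a.get("disable") == ["yes"]:
        return False
    if "only_from" in a and allow < 0:
        return False                      # an allow list exists and the client is not on it
    if deny >= 0 and deny >= allow:
        return False                      # no_access is the better (or equal) match
    return "access_times" not in a or in_window(now, a["access_times"])

if __name__ == "__main__":
    rules = ("only_from = 192.168.1.12", "no_access = 192.168.1.12",
             "only_from = 192.168.1.0/24\n  no_access = 192.168.1.12")
    for rule in rules:
        for ip in ("192.168.1.12", "192.168.1.13"):  # the allowed host above, and a second host
            print(repr(rule), ip, allowed(STANZA % rule, ip, time(10, 0)))
```

The third rule combines a network-wide `only_from` with a single-host `no_access`, a case the sessions above do not exercise: the more specific `no_access` entry wins for 192.168.1.12 while the rest of the range stays allowed.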