Shulou(Shulou.com)06/02 Report--

When there are unknown questions, come to the blog park and always find the answer or inspiration. I haven't posted a post for 3 months (I don't know how the administrator feels, but I won't seal my number). You can't just ask for it without paying. Xiaobai thought about it for a long time to understand the Telnet service building (according to the gourd, also need to know where the gourd came from), go to the complex and simple, simply tidy up, share it.

Why use something as old as Telnet when ssh on Linux is so easy to use? Recently, it has been a headache for SSH brute force enumeration vulnerabilities, but the final version of CentOS7 is 7.7 (only openssh7.4, want to upgrade to openssh 8.0), it is impossible to upgrade ssh with yum, rpm dependency (wipe sweat). So I can only learn to compile and install, the first time I use compilation to install this kind of artifact, I am really afraid of accidentally hanging up the sshd, get a spare tire, Telnet is also!

Text:

Setup 1 system Information installation

Post system information [figure 1]

[root@azeroth ~] # cat / etc/redhat-releaseCentOS Linux release 7.6.1810 (Core)

The following is the Telnet version query that has been installed, and there is no package information displayed if it is not already installed. [figure 2]

[root@azeroth ~] # rpm-qa | grep telnettelnet-server-0.17-64.el7.x86_64telnet-0.17-64.el7.x86_64 [root@azeroth ~] # rpm-qa | grep xinetdxinetd-2.3.15-13.el7.x86_64

Telnet remote login tool, Windows is often used to test port use (-. -!), Xinetd saw for the first time, the encyclopedia said it is a daemon to monitor network requirements (I wonder what other network services will use this besides telnet? (for advice), there is a configuration file called telnet to be written in here later.

Installation

Decisive YUM wow! (hehe, there is no net? ISO, optical drive these two must be the same, manually mount the production of CentOS-Media.repo source) [figure 3]

[root@azeroth] # yum install telnet telnet-server xinetd-yLoaded plugins: fastestmirrorLoading mirror speeds from cached hostfile * c7 medium.

After execution, you can see the results of [figure 2].

Setup 2 Telnet process configuration

Configuration (the key point is here)

After installation, a lot of configuration files will be generated in the / etc/xinetd.d/ directory. Ls will see if there is a configuration file named telnet. One of the two devices will have the default configuration of telnet after installation, while the other does not. The specific reason is unknown. For the time being, the reason has not been identified, but this is not important. You can refer to encyclopedia xinetd to make one, or you can copy one. [figure 4]

[root@azeroth ~] # ll / etc/xinetd.d/telnet-rw-r--r--. 1 root root 342 Oct 21 21:21 / etc/xinetd.d/telnet [root@azeroth ~] # cat / etc/xinetd.d/telnet# default: on# # description: The telnet server serves telnet sessions; it uses\ # # unencrypted username/password pairs for authentication.# service telnet# {# disable = yes# flags = REUSE# socket_type = stream# wait = no# user = root# server = / usr/sbin/in.telnetd# log_on_failure + = USERID#}

Configuration explanation (please give advice on where the explanation is wrong):

In the case of the existence of this profile, it does not need to be modified, and it is a personal test that ordinary users can log in to the Telnet server.

Description section: the telnet service is enabled by default, and the telnet server provides services for telnet sessions (nonsense). It authenticates with an unencrypted user name / password pair (try to create a user without an assigned password and do not log in).

{} part

# disable = yes / / what I understand probably means that the fields in {} are not used by default (there seems to be a problem with this understanding, the original text: "disable services in the default {}", hope to be guided by a great god)

# flags = REUSE / / I don't understand what it means here. Please help me to answer "logo = reusable"?

# socket_type = stream / / Network socket type

# user = root / / run the service using the root user

# server = / usr/sbin/in.telnetd / / execute process path

# log_on_failure + = USERID / / login failure log

Note: # disable = yes this field is yes or no is not a condition to determine whether to log in using root (here is misled by the posts searched by du Niang)

In fact, Setup3 has said so much and done many experiments and tests, this configuration file and whether you can use root to log in to Telnet is not directly related (to determine whether you can log in using root and another configuration is related to Setup 6 below), this configuration file is more related to the service process of Telnet, so the problem comes, does this configuration file have any meaning to exist? Of course, Xinet is used to monitor daemon network processes. Telnet is an object monitored by Xinetd, which is similar to listening, but it is more powerful than listening. For example, the configuration above is used as a configuration of how to monitor and with what permissions to monitor.

Setup3 is ready to start.

After completing the above installation and Xinetd configuration check, it is time to add self-starting and running services [figure 5, figure 6]

[root@azeroth ~] # systemctl enable xinetd.service

[root@azeroth ~] # systemctl start xinetd.service

[root@azeroth ~] # systemctl status xinetd.service

● xinetd.service-Xinetd A Powerful Replacement For Inetd

Loaded: loaded (/ usr/lib/systemd/system/xinetd.service; enabled; vendor preset: enabled)

Active: active (running) since Tue 2019-10-22 22:07:22 CST; 4min 29s ago

Main PID: 6883 (xinetd)

CGroup: / system.slice/xinetd.service

└─ 6883 / usr/sbin/xinetd-stayalive-pidfile / var/run/xinetd.pid

Oct 22 22:07:22 azeroth systemd [1]: Started Xinetd A Powerful Replacement For Inetd.

Oct 22 22:07:22 azeroth xinetd [6883]: removing discard

Oct 22 22:07:22 azeroth xinetd [6883]: removing discard

Oct 22 22:07:22 azeroth xinetd [6883]: removing echo

Oct 22 22:07:22 azeroth xinetd [6883]: removing echo

Oct 22 22:07:22 azeroth xinetd [6883]: removing tcpmux

Oct 22 22:07:22 azeroth xinetd [6883]: removing time

Oct 22 22:07:22 azeroth xinetd [6883]: removing time

Oct 22 22:07:22 azeroth xinetd [6883]: xinetd Version 2.3.15 started with libwrap loadavg labeled-networking options compiled in.

Oct 22 22:07:22 azeroth xinetd [6883]: Started working: 0 available services

[root@azeroth ~] # systemctl enable telnet.socket

[root@azeroth ~] # systemctl start telnet.socket

[root@azeroth ~] # systemctl status telnet.socket

● telnet.socket-Telnet Server Activation Socket

Loaded: loaded (/ usr/lib/systemd/system/telnet.socket; enabled; vendor preset: disabled)

Active: active (listening) since Tue 2019-10-22 22:07:06 CST; 6min ago

Docs: man:telnetd (8)

Listen: [:]: 23 (Stream)

Accepted: 1; Connected: 0

Oct 22 22:07:06 azeroth systemd [1]: Listening on Telnet Server Activation Socket.

Setup 4 Firewall release

The easiest to feel is also the most easily forgotten, how can not login after making trouble for a long time, the firewall forgot to let go! What Selinux hasn't been closed yet? (many posts that configure Telnet mention the need to shut down Selinux. I don't know what it means.) it doesn't exist. Do you still need to close Selinux after Firewall is released? Personal testing does not need to be turned off. After all, Selinux security context is the focus of security protection for Redhat series systems. It is recommended not to turn it off at will no matter what application is configured. After all, security issues cannot be ignored. [figure 7]

[root@azeroth] # firewall-cmd-- add-port=23/tcp-- permanentsuccess [root@azeroth] # firewall-cmd-- reloadsuccess

Setup 5 complete

After completing the above steps, you have basically realized the construction of the Telnet service. Go to CMD and use Telnet to connect to it. Please use ordinary users, root permissions are not enabled, if not, please follow the steps to check or reboot. [figure 8]

[root@azeroth ~] # telnet 192.168.11.130Trying 192.168.11.130...Connected to 192.168.11.130.Escape character is'^] '.Kernel 3.10.0-957.5.1.el7.x86_64 on an x86_64azeroth login: zymPassword:Last login: Tue Oct 22 20:09:08 from:: ffff:192.168.11.1 [zym@azeroth ~] $

Setup 6 Root permission login configuration

(it is not recommended to enable root permission. After the above ordinary users log in, you can su to switch root. One is easy, two security, and the best of both worlds.) if you need to log in to Telnet with root permission, you also need to configure / etc/securetty, and add the pts field that root allows to log in using telnet to the configuration file. [figure 9, figure 10]

[root@azeroth ~] # echo 'pts/0' > > / etc/securetty [root@azeroth ~] # echo' pts/1' > > / etc/securetty [root@azeroth ~] # tail-f / etc/securettyhvc4hvc5hvc6hvc7hvsi0hvsi1hvsi2xvc0pts/0pts/1 [root@azeroth ~] # systemctl restart telnet.socket

This is the end of the above introduction to the configuration of Telnet services for CentOS7.6 systems. Thank you!

The first time to publish an essay blog is a bit stretched. One is to learn more solidly; the other is to hope that there are passing gods or rookies like me to learn from each other; technology is used to share the benefits of mankind. Instead of working behind closed doors, and not just a tool for making money, this should not be the original intention of information sharing; third, seeing a lot of posts on the Internet are either incomplete or have holes, and rookies like me can be found if there is a need. In this way, you can take fewer detours and save time.

Summary

The above is the CentOS 7.6 Telnet service building process introduced by the editor (the first task of Openssh upgrade). I hope it will be helpful to you. If you have any questions, please leave me a message and the editor will reply to you in time. Thank you very much for your support to the website!

If you think this article is helpful to you, you are welcome to reprint it, please indicate the source, thank you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.