配置telnet     

通过配置文件,我们可以设置telnet的连接时间、连接数、连接ip等,实现更加安全的连接

1、设置连接时间,参数“access_times”

[root@localhost wj]# gedit /etc/xinetd.d/telnet

service telnet

{

    flags      = REUSE

    socket_type   = stream        

    wait       = no

    user       = root

    server     = /usr/sbin/in.telnetd

    log_on_failure    += USERID

    disable       = no

    access_times = 08:00-09:00 13:00-15:00           //规定允许连接的时间段8~9点,13~15

}

 

[root@localhost wj]# service xinetd restart         //重启服务

停止xinetd                                             [确定]

正在启动xinetd                                          [确定]

 

[root@localhost wj]# telnet 192.168.0.119           //尝试连接

Trying 192.168.0.119...

Connected to 192.168.0.119.

Escape character is '^]'.

Connection closed by foreign host.                  //连接失败

 

2、设置连接数,通过参数“instances”可以设置允许的连接数,超过之后就无法再连接了

[root@localhost wj]# gedit /etc/xinetd.d/telnet

service telnet

{

    flags      = REUSE

    socket_type   = stream        

    wait       = no

    user       = root

    server     = /usr/sbin/in.telnetd

    log_on_failure    += USERID

    disable       = no

    instances      = 1                                   //这里设置只允许一个连接,第二个就无法连接了

}

 

[root@localhost wj]# service xinetd restart         //重启服务

停止xinetd                                             [确定]

正在启动xinetd                                          [确定]

 

[root@localhost wj]# telnet 192.168.0.119          //第一个连接

Connected to 192.168.0.119.

login: david       

Password:

Last login: Thu Aug 16 09:10:22 from 192.168.0.119

already login                                          //成功

 

[root@localhost wj]# telnet 192.168.0.119        //第二个连接

Connected to 192.168.0.119.

Connection closed by foreign host.                //失败

 

3、允许/禁止特定的ip或者网段登录,参数“only-from”“no_access” 

[root@localhost wj]# gedit /etc/xinetd.d/telnet 

service telnet

{

    flags      = REUSE

    socket_type   = stream        

    wait       = no

    user       = root

    server     = /usr/sbin/in.telnetd

    log_on_failure    += USERID

    disable       = no

    only_from  = 192.168.0.113                     //只允许113连接

#   only_from  = 192.168.0.0/24                    //允许1~254连接

#   only_from  = 192.168.0.100-192.168.0.200    //允许100~200连接

#   only_from  = 192.168.0.                        //允许113114连接

#   no_access  = 192.168.0.113                    //禁止113连接,其他写法同上

 

4、允许root连接。只要将文件“/etc/securetty”删除,那么系统读不到这个文件,自然就会永续root登录

[root@localhost wj]# mv /etc/securetty /etc/securetty.bak     //重命名该文件

[root@localhost wj]# service xinetd restart                     //重启服务

停止 xinetd                                              [确定]

正在启动 xinetd                                          [确定]

[root@localhost wj]# telnet 192.168.0.119                       //连接

Trying 192.168.0.119...

Connected to 192.168.0.119.

login: root                                                          //使用root用户连接

Password:                                                              

Last login: Thu Aug 16 07:51:45 from 192.168.0.119

already login                                                        //连接成功