
By default, Linux systems are administered remotely over SSH. Telnet is usually enabled while SSH is being upgraded, so that you can still log in to the system through Telnet after the SSH upgrade.

1. Search for the Telnet installation package

Prerequisites: The server can access the Internet

Before installing, first look for the Telnet installation package

[root@localhost ~]# yum list | grep telnet-server
telnet-server.x86_64    1:0.17-66.el7    updates
[root@localhost ~]# yum list | grep xinetd
xinetd.x86_64    2:2.3.15-14.el7    base

2. Install (yum)

Run the yum -y install telnet-server.x86_64 command to install the Telnet server

[root@localhost ~]# yum -y install telnet-server.x86_64
Loaded plugins: fastestmirror
····· (process omitted)
Installed:
  telnet-server.x86_64 1:0.17-66.el7

Complete!

Run the yum -y install xinetd.x86_64 command to install the xinetd daemon

[root@localhost ~]# yum -y install xinetd.x86_64
Loaded plugins: fastestmirror
········(process omitted)
Installed:
  xinetd.x86_64 2:2.3.15-14.el7

Complete!

3. Configure and Start

3.1 Configuring startup

Run the systemctl enable xinetd.service and systemctl enable telnet.socket commands to enable the Telnet service to start automatically upon startup.

[root@localhost ~]# systemctl enable xinetd.service
[root@localhost ~]# systemctl enable telnet.socket
Created symlink from /etc/systemd/system/sockets.target.wants/telnet.socket to /usr/lib/systemd/system/telnet.socket.

3.2 Starting the Service

Run the systemctl start telnet.socket and systemctl start xinetd commands to start the Telnet service.

[root@localhost ~]# systemctl start telnet.socket
[root@localhost ~]# systemctl start xinetd

Run the netstat -ntlp command to check the running ports. (If command not found is displayed, run the yum -y install net-tools command to install the network tool package.)

[root@localhost ~]# yum -y install net-tools
Loaded plugins: fastestmirror
Installed:
  net-tools.x86_64 0:2.0-0.25.20131004git.el7

Complete!
[root@localhost ~]# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      987/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1146/master
tcp6       0      0 :::22                   :::*                    LISTEN      987/sshd
tcp6       0      0 :::23                   :::*                    LISTEN      1/systemd
tcp6       0      0 ::1:25                  :::*                    LISTEN      1146/master

You can see that the Telnet service is enabled on port 23.

Note: After the preceding steps are complete, you still cannot log in through Telnet, because the firewalld firewall service is enabled by default after a fresh CentOS installation and only port 22 is open by default. The firewall must also be configured.

3.3 Configuring Firewall Rules

Run the firewall-cmd --list-all command to view the firewall configuration.

[root@localhost ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

Add port 23 and restart the firewall. You can configure a firewall in either of the following ways:

  • Open port 23 directly to the public
  • Enable port 23 only for terminals with specific addresses (recommended)

The first method is relatively simple but offers low security. The operations are as follows:

[root@localhost ~]# firewall-cmd --add-port=23/tcp --permanent
success
[root@localhost ~]# firewall-cmd --reload    # restart the firewall
success
[root@localhost ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33
  sources:
  services: dhcpv6-client ssh
  ports: 23/tcp

The second method is more secure. If port 23 is opened to only one terminal, you do not need to uninstall Telnet later (although you are advised to uninstall it anyway). The operations are as follows:

[root@localhost ~]# firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=192.168.12.1 port protocol=tcp port=23 accept'    # --permanent makes the rule permanent
success
[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33
······
	rule family="ipv4" source address="192.168.12.1" port port="23" protocol="tcp" accept

The source address is the IP address of the terminal that needs to access the server. The second firewall configuration is very practical, and it is the one highly recommended for server security. For example, a database server can be configured to allow only specific application servers to access the database, which greatly improves the security of the server environment.

3.4 Security Configuration

At this point you cannot log in to the system as root; a login error message is displayed, because by default root cannot log in remotely.

Kernel 3.10.0-1127.el7.x86_64 on an x86_64
localhost login: root
Password:
Login incorrect               

You also need to modify the /etc/securetty file

[root@localhost ~]# vim /etc/securetty

Add the following at the end:

pts/0
pts/1

The final content is as follows:

console
.........
xvc0
pts/0
pts/1
~

4. Test and Verification

Test logging in to Linux through Telnet on Windows

C:\Users\11> telnet 192.168.12.101
Kernel 3.10.0-1127.el7.x86_64 on an x86_64
localhost login: (Enter your password)
Last failed login: Wed Mar 30 22:45:11 CST 2022 from ::ffff:192.168.12.1 on pts/0
There was 1 failed login attempt since the last successful login.
Last login: Wed Mar 30 19:04:51 from 192.168.12.1

5. Disabling Telnet

Turning off Telnet is simple, and there are many ways to turn it off.

  • Remove the firewall configuration
  • Stop the Telnet service and cancel the startup
  • Remove the Telnet installation package completely

5.1 Deleting Firewall Configurations

The command that removes the firewall configuration depends on how the configuration was added. In each case, take the command that added the firewall configuration and replace add with remove.

[root@localhost ~]# firewall-cmd --remove-port=23/tcp --permanent
[root@localhost ~]# firewall-cmd --permanent --remove-rich-rule='rule family=ipv4 source address=192.168.12.1 port protocol=tcp port=23 accept'
success
[root@localhost ~]# firewall-cmd --reload    # restart the firewall
success
[root@localhost ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
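
To check which of the two firewall configurations from section 3.3 is in effect, or that the removal in section 5.1 left nothing behind, the following added example (not part of the original article) classifies firewall-cmd --list-all output as open, restricted or closed for TCP port 23. The function names and the sample outputs are constructed for illustration; the example also handles port ranges and the telnet service name, which the article does not show.

```shell
# Added example (not from the article): classify how TCP port 23 is exposed,
# given `firewall-cmd --list-all` output on stdin.
# Prints "open", "restricted <source>...", or "closed".
telnet_exposure() {
    awk '
    # True when a port spec such as "23" or "20-25" covers port 23.
    function covers23(spec,   r, n) {
        n = split(spec, r, "-")
        return (n == 1) ? (r[1] + 0 == 23) : (r[1] + 0 <= 23 && 23 <= r[2] + 0)
    }
    /^[ \t]*services:/ {            # zone-wide service list
        for (i = 2; i <= NF; i++) if ($i == "telnet") open = 1
    }
    /^[ \t]*ports:/ {               # zone-wide port list (first method)
        for (i = 2; i <= NF; i++) {
            split($i, p, "/")
            if (p[2] == "tcp" && covers23(p[1])) open = 1
        }
    }
    /^[ \t]*rule / && / accept/ {   # rich rules (second method)
        hit = ($0 ~ /service name="telnet"/)
        if ($0 ~ /protocol="tcp"/ && match($0, /port port="[0-9-]+"/))
            hit = hit || covers23(substr($0, RSTART + 11, RLENGTH - 12))
        if (!hit) next
        # A rule without a plain source address admits any client.
        if (match($0, /source address="[^"]+"/))
            srcs = srcs " " substr($0, RSTART + 16, RLENGTH - 17)
        else
            open = 1
    }
    END { print (open ? "open" : (srcs ? "restricted" srcs : "closed")) }
    '
}

# Constructed samples modelled on the outputs shown in this article.
sample() {   # $1 = value of the ports line, $2 = optional rich rule
    printf '%s\n' 'public (active)' '  services: dhcpv6-client ssh' \
        "  ports: $1" '  source-ports:' '  rich rules:' "    $2"
}
RULE='rule family="ipv4" source address="192.168.12.1" port port="23" protocol="tcp" accept'
sample_open()       { sample '23/tcp' ''; }
sample_restricted() { sample '' "$RULE"; }
sample_closed()     { sample '' ''; }

for s in sample_open sample_restricted sample_closed; do
    printf '%s: %s\n' "$s" "$("$s" | telnet_exposure)"
done
```

On a live host, pipe both firewall-cmd --list-all and firewall-cmd --permanent --list-all into telnet_exposure; both should report closed once Telnet is no longer needed.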

5.2 Stopping the Telnet Service and canceling the Startup

The command for stopping the service is similar to the command for starting it. Replace start with stop in the command.

[root@localhost ~]# systemctl stop telnet.socket
[root@localhost ~]# systemctl stop xinetd

The principle for disabling startup is the same. Replace enable with disable.

[root@localhost ~]# systemctl disable xinetd.service
Removed symlink /etc/systemd/system/multi-user.target.wants/xinetd.service.
[root@localhost ~]# systemctl disable telnet.socket
Removed symlink /etc/systemd/system/sockets.target.wants/telnet.socket.

5.3 Completely Removing the Telnet installation package

Removing a package is similar to installing one. Replace install with remove. (Did you discover something new?)

[root@localhost ~]# yum -y remove telnet-server.x86_64
Loaded plugins: fastestmirror
Removed:
  telnet-server.x86_64 1:0.17-66.el7

Complete!
[root@localhost ~]# yum -y remove xinetd.x86_64
Loaded plugins: fastestmirror
Removed:
  xinetd.x86_64 2:2.3.15-14.el7

Complete!

That completes the introduction to installing and uninstalling Telnet on CentOS 7. I hope it is useful to you.