1. sudo vi /etc/xinetd.d/telnet并加入以下内容:
# default: on
# description: The telnet server serves telnet sessions; it uses
# unencrypted username/password pairs for authentication.
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
}
更详细的配制/etc/xinetd.d/telnet脚本
service telnet
{
disable =no
bind =192.168.1.2
only_from=192.168.1.0/24
#上面这两行说明仅提供内部网段!
Instance =UNLIMITED
Nice =0
Flags =REUSE
socket_type=stream
wait =no
user =root
#server =/usr/sbin/telnetd
server =/usr/sbin/in.telnetd
server_args =-a none
log_on_failure +=USERID
}
service telnet
{
disable =no
bind =140.116.142.196
only_from=140.116.0.0/16
no_access=140.116.32.{10,26}
#上面三行设置外部较为严格的限制
instance =10
umask =022
nice =10
flags =REUSE
socket_type=stream
wait =no
user =root
#server =/usr/sbin/telnetd
server =/usr/sbin/in.telnetd
log_on_failure +=USERID
}
加设防火墙iptables:
如果想要针对192.168.0.0/24这个网段及61.xxx.xxx.xxx这个IP进行telnet开放,
可以增加下面几行规则:
/sbin/iptables -A INPUT -p tcp -i eth0 -s 192.168.0.0/24 --dport 23 -j
ACCEPT
/sbin/iptables -A INPUT -p tcp -i eth0 -s 61.xxx.xxx.xxx --dport 23 -j
ACCEPT
/sbin/iptables -A INPUT -p tcp -i eth0 --dport 23 -j DROP
加设防火墙/etc/hosts.allow(deny)机制:
上面开放了192.168.0.0/24这个网段,但是如果您只想让其中的
192.168.0.1~192.168.0.5进入,可以设置如下 :
vi /etc/hosts.allow
in.telnetd:192.168.0.1,192.168.0.2,192.168.0.3,192.168.0.4,192.168.0.5:allow