Setting up the Telnet service on CentOS 7.6 (first task of the OpenSSH upgrade battle: building a backup access line)


Whenever I have any unclear questions, I come to Blog Park and I can always find the answers or inspiration. I haven’t posted anything in 3 months since I started blogging (I don’t know what the administrator thinks, but I hope he won’t block my account). You can’t just take without giving in return. It took a newbie a long time to figure out how to set up a Telnet service (even if you copy others, you still need to know where the instructions come from). I will simplify it, organize it briefly, and share it with you.

Why still use Telnet, which is so old, when SSH on Linux is so easy to use? I've been troubled by the SSH brute-force enumeration vulnerability recently. Unfortunately, the last version of CentOS 7 is 7.7 (which only contains OpenSSH 7.4, and I want to upgrade to OpenSSH 8.0). Upgrading SSH with yum is impossible because of the RPM dependencies (sweat), so I can only learn how to compile and install it. It's the first time I have compiled and installed such a tool, and I'm really afraid of accidentally hanging sshd, so I have a backup, which is Telnet!


Setup 1 System Information Installation

The system information is as follows [Figure 1]

[root@azeroth ~]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)

The following is a query of the Telnet version that has been installed. If it has not been installed, no package information will be displayed. [Figure 2]

[root@azeroth ~]# rpm -qa|grep telnet
telnet-server-0.17-64.el7.x86_64
telnet-0.17-64.el7.x86_64
[root@azeroth ~]# rpm -qa|grep xinetd
xinetd-2.3.15-13.el7.x86_64

Telnet is a remote login tool, often used to test ports in Windows (-.-!). This is the first time I have seen xinetd. The encyclopedia says it is a daemon that listens for network requests (I wonder if there are any other network services that use it besides telnet? Please teach me). A configuration file named telnet will be written under its configuration directory later.

Install

Definitely use YUM! (No network? Then you need at least one of the two: an ISO or a CD-ROM drive. Mount it manually and create the CentOS-Media.repo source.) [Figure 3]

[root@azeroth ~]# yum install telnet telnet-server xinetd -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * c7-media:
......

After execution, you can view the result in [Figure 2].

Setup 2 Telnet process configuration

Configuration (the key point is here)

After the installation, many configuration files will be generated in the /etc/xinetd.d/ directory. Use ls to see if there is a configuration file named telnet. I have tried two machines. One of them had the default telnet configuration after installation, but the other did not. The reason has not been found yet, but it is not important. You can refer to the encyclopedia entry for xinetd to create one, or you can copy one. [Figure 4]

[root@azeroth ~]# ll /etc/xinetd.d/telnet
-rw-r--r--. 1 root root 342 Oct 21 21:21 /etc/xinetd.d/telnet
[root@azeroth ~]# cat /etc/xinetd.d/telnet
# default: on
# # description: The telnet server serves telnet sessions; it uses \
# # unencrypted username/password pairs for authentication.
# service telnet
# {
# disable = yes
# flags = REUSE
# socket_type = stream
#wait = no
# user = root
# server = /usr/sbin/in.telnetd
# log_on_failure += USERID
# }

Configuration explanation (please point out any errors):

If this configuration file exists, there is no need to modify it. It is tested that ordinary users can log in to the Telnet server normally.

Description: By default, the telnet service is enabled, and the telnet server provides services for telnet sessions (nonsense). It uses unencrypted username/password pairs for authentication (I tried to create a user without an assigned password but still couldn't log in).

{ }part

# disable = yes // I understand that the fields in { } are not used by default (this understanding seems to be wrong, the original text: "used in the default {} to disable the service", I hope someone can give me some guidance)

# flags = REUSE // I don't understand what this means. Could someone please help me explain "flags = reusable"?

# socket_type = stream // Network socket type

# user = root //Use the root user to run the service

# server = /usr/sbin/in.telnetd //Execution process path

# log_on_failure += USERID //Login failure log

Note: # disable = yes Whether this field is yes or no, it is not what determines whether you can log in as root (I was misled by the post I found on Baidu)

Actually, after talking so much about Setup3 and doing many experiments and tests, this configuration file has no direct relationship with whether you can log in to Telnet as root (that is decided by another configuration, described below in Setup 6). This configuration file is more related to the Telnet service process. So the question is: is there any point in this configuration file existing? Of course. xinetd is used to monitor and guard network processes, and Telnet is the object that xinetd monitors and guards; this is similar to monitoring, but with more powerful functions. The above configuration determines how the service is monitored and with what permissions.

Setup 3 Start the services

After completing the above installation and xinetd configuration check, it is time to enable the services at boot and start them [Figure 5 Figure 6]

[root@azeroth ~]# systemctl enable xinetd.service
[root@azeroth ~]# systemctl start xinetd.service
[root@azeroth ~]# systemctl status xinetd.service
● xinetd.service - Xinetd A Powerful Replacement For Inetd
Loaded: loaded (/usr/lib/systemd/system/xinetd.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2019-10-22 22:07:22 CST; 4min 29s ago
Main PID: 6883 (xinetd)
CGroup: /system.slice/xinetd.service
└─6883 /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid

Oct 22 22:07:22 azeroth systemd[1]: Started Xinetd A Powerful Replacement For Inetd.
Oct 22 22:07:22 azeroth xinetd[6883]: removing discard
Oct 22 22:07:22 azeroth xinetd[6883]: removing discard
Oct 22 22:07:22 azeroth xinetd[6883]: removing echo
Oct 22 22:07:22 azeroth xinetd[6883]: removing echo
Oct 22 22:07:22 azeroth xinetd[6883]: removing tcpmux
Oct 22 22:07:22 azeroth xinetd[6883]: removing time
Oct 22 22:07:22 azeroth xinetd[6883]: removing time
Oct 22 22:07:22 azeroth xinetd[6883]: xinetd Version 2.3.15 started with libwrap loadavg labeled-networking options compiled in.
Oct 22 22:07:22 azeroth xinetd[6883]: Started working: 0 available services

[root@azeroth ~]# systemctl enable telnet.socket
[root@azeroth ~]# systemctl start telnet.socket
[root@azeroth ~]# systemctl status telnet.socket
● telnet.socket – Telnet Server Activation Socket
Loaded: loaded (/usr/lib/systemd/system/telnet.socket; enabled; vendor preset: disabled)
Active: active (listening) since Tue 2019-10-22 22:07:06 CST; 6min ago
Docs: man:telnetd(8)
Listen: [::]:23 (Stream)
Accepted: 1; Connected: 0

Oct 22 22:07:06 azeroth systemd[1]: Listening on Telnet Server Activation Socket.

Setup 4 Firewall Release

What is most obvious is also the easiest to forget. I fiddled with it for a long time but still could not log in; maybe I forgot to let it through the firewall! And why isn't SELinux disabled? (Many posts about configuring Telnet mention the need to disable SELinux, but I don't know what the purpose is.) That is not needed here. Do I need to disable SELinux if the firewall allows the traffic through? I have personally tested that it does not need to be disabled. After all, the SELinux security context is the focus of security protection on Red Hat family systems. No matter what application is configured, it is recommended not to disable it casually; security issues cannot be ignored. [Figure 7]

[root@azeroth ~]# firewall-cmd --add-port=23/tcp --permanent
success
[root@azeroth ~]# firewall-cmd --reload
success

Setup 5 Complete

After completing the above steps, the Telnet service is basically set up. Go to CMD and try using Telnet to connect! Please use a normal user, because root login is not yet enabled. If it does not work, please check the steps again or reboot. [Figure 8]

[root@azeroth ~]# telnet 192.168.11.130
Trying 192.168.11.130...
Connected to 192.168.11.130.
Escape character is '^]'.
Kernel 3.10.0-957.5.1.el7.x86_64 on an x86_64
azeroth login: zym
Password:
Last login: Tue Oct 22 20:09:08 from ::ffff:192.168.11.1
[zym@azeroth ~]$

Setup 6 Root permission login configuration

(It is not recommended to enable root login. After logging in as a normal user, you can su to switch to root. This is convenient and safe, the best of both worlds.) If you need to log in to Telnet as root, you also need to edit /etc/securetty and add the pts entries that allow root to log in over telnet. [Figure 9 Figure 10]

[root@azeroth ~]# echo 'pts/0' >>/etc/securetty
[root@azeroth ~]# echo 'pts/1' >>/etc/securetty
[root@azeroth ~]# tail -f /etc/securetty
hvc4
hvc5
hvc6
hvc7
hvsi0
hvsi1
hvsi2
xvc0
pts/0
pts/1
[root@azeroth ~]# systemctl restart telnet.socket
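
An added audit sketch for the end state of the steps above (not part of the original post): it reads an xinetd service file, a securetty-format file and a port list in the format of `firewall-cmd --list-ports`, and reports whether a telnet service is actually defined, how many pts entries allow root login, and whether 23/tcp is open. The function names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit helpers for the state this walkthrough leaves behind.

# Print "absent", "disabled" or "enabled" for an xinetd service file.
# Lines starting with '#' are comments, so a fully commented file defines no service.
# Simplification: a service block without a "disable" line is reported as enabled.
xinetd_service_state() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*service[ \t]/ { found = 1 }
        found && /^[ \t]*disable[ \t]*=/ {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v); dis = v
        }
        END {
            if (!found) print "absent"
            else if (dis == "yes") print "disabled"
            else print "enabled"
        }
    ' "$1"
}

# Count "pts/N" entries in a securetty-format file; each one lets root log in on that pty.
securetty_pts_count() {
    awk '/^[ \t]*pts\/[0-9]+[ \t]*$/ { n++ } END { print n + 0 }' "$1"
}

# Succeed if 23/tcp appears in a space-separated port list.
port23_open() {
    case " $1 " in *" 23/tcp "*) return 0 ;; *) return 1 ;; esac
}

# Constructed sample inputs mirroring the files shown on this page.
write_samples() {
    dir=$1
    printf '%s\n' '# service telnet' '# {' '# disable = yes' '# }' > "$dir/telnet.commented"
    printf '%s\n' 'service telnet' '{' '    disable = no' '}' > "$dir/telnet.active"
    printf '%s\n' 'hvc7' 'xvc0' 'pts/0' 'pts/1' > "$dir/securetty"
}

demo() {
    d=$(mktemp -d) && write_samples "$d"
    echo "commented xinetd file : $(xinetd_service_state "$d/telnet.commented")"
    echo "active xinetd file    : $(xinetd_service_state "$d/telnet.active")"
    echo "root-capable pts ttys : $(securetty_pts_count "$d/securetty")"
    if port23_open "23/tcp 8080/tcp"; then echo "firewall              : 23/tcp open"; fi
    rm -rf "$d"
}
demo
```

On a real host, point the helpers at `/etc/xinetd.d/telnet`, `/etc/securetty` and `"$(firewall-cmd --list-ports)"`; `systemctl is-enabled telnet.socket` shows whether the systemd socket is listening independently of xinetd.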

The above is an introduction to configuring the Telnet service on CentOS 7.6. Thank you!

It’s my first time publishing an essay blog post, and I’m a little stretched. I write blog posts for two reasons: one is to make my learning more solid; the other is the hope that experts passing by, or newbies like me, will discuss and learn from each other. Technology is meant to be shared for the benefit of mankind; working in isolation, or just using it as a tool to make money, should not be the original intention of information sharing. Thirdly, many posts I see on the Internet are either incomplete or have pitfalls. If there are newbies like me who need this, they can search for it, so that they can take fewer detours and save time.
