1. Telnet – port 23. (Can’t change the port number.) Data is transferred in plaintext.
2. SSH – port 22. (Can change the port number.) Data is transferred in encrypted mode.
· Select which services run during machine startup
1. [#] nmap 192.168.1.1 – Display which ports (services) are open on the PC 192.168.1.1
2. [#] ntsysv – Select a service by pressing the space bar. Applies to the console from which the command is given.
3. [#] setup then go to system services – Select a service by pressing the space bar. Applies to the console from which the command is given.
4. [#] chkconfig sshd on – Turn the SSH service on. Works for the current run level.
5. [#] chkconfig --level 5 sshd off – Turn the SSH service off for run level 5.
6. [#] chkconfig --level 2345 sendmail off – Turn the sendmail service off for run levels 2345.
7. [#] chkconfig --list sshd – Display the run levels in which the SSH service runs.
8. [#] cd /etc – ls – There are 6 directories for the run levels, named
run level 0 – init 0 – rc0.d
run level 1 – init 1 – rc1.d
run level 2 – init 2 – rc2.d
run level 3 – init 3 – rc3.d
run level 4 – init 4 – rc4.d
run level 5 – init 5 – rc5.d
run level 6 – init 6 – rc6.d
Under each directory there are many files, one for each service. Each service name is prefixed with K or S [K – kill, do not run the service during machine startup] [S – start, run the service during machine startup]. If we rename the file K25sshd to S25sshd [25 is the process id], the SSH process will start at that run level.
[#] mv K25sshd S25sshd – Rename the file to S25sshd
[#] ls -l – Show the files, including link files. /etc/rc0.d/S25sshd is a link file. The original file of /etc/rc0.d/S25sshd is /etc/init.d/sshd.
9. Manually run a script at a run level
[#] vi /etc/init.d/test – Create a file
[#] chmod +x /etc/init.d/test – Give it execute permission
[#] ln -s /etc/init.d/test /etc/rc3.d/S30test – Make a link in the /etc/rc3.d directory
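Added example (not part of the original notes): a POSIX shell script that reads the S/K links described in step 8 and reports what a run level starts or kills. The function names and the temporary sample tree are constructed for illustration; on a real machine, pass /etc as the second argument.

```sh
#!/bin/sh
# Added example: report what a SysV run level starts (S links) and kills (K links).
# Function names and the sample tree are constructed for illustration.

# boot_services LEVEL [RC_ROOT] -> lines of "start|kill NN service"
boot_services() {
    level=$1; root=${2:-/etc}
    for link in "$root/rc$level.d"/[SK][0-9][0-9]*; do
        # skip the unexpanded pattern when the directory has no S/K entries
        [ -e "$link" ] || [ -L "$link" ] || continue
        name=${link##*/}
        case $name in
            S*) action=start ;;
            K*) action=kill ;;
        esac
        nn=$(printf '%s' "$name" | cut -c2-3)   # two-digit number after S or K
        svc=$(printf '%s' "$name" | cut -c4-)   # service name, as in /etc/init.d
        printf '%s %s %s\n' "$action" "$nn" "$svc"
    done
}

# started_at LEVEL [RC_ROOT] -> space-separated services started at LEVEL
started_at() {
    boot_services "$1" "$2" |
        awk '$1 == "start" { printf "%s%s", sep, $3; sep = " " } END { print "" }'
}

# make_sample_tree -> path of a constructed init.d/rcN.d tree (not a real system)
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/init.d" "$t/rc3.d" "$t/rc5.d"
    for s in sshd sendmail xinetd test; do
        printf '#!/bin/sh\n' > "$t/init.d/$s"
        chmod +x "$t/init.d/$s"
    done
    ln -s ../init.d/sendmail "$t/rc3.d/K30sendmail"
    ln -s ../init.d/sshd     "$t/rc3.d/S25sshd"
    ln -s ../init.d/test     "$t/rc3.d/S30test"
    ln -s ../init.d/sshd     "$t/rc5.d/K25sshd"
    ln -s ../init.d/xinetd   "$t/rc5.d/S56xinetd"
    printf '%s\n' "$t"
}

tree=$(make_sample_tree)
boot_services 3 "$tree"
echo "run level 5 starts: $(started_at 5 "$tree")"
rm -rf "$tree"
```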
Telnet server configuration
Server end
1. [#] vi /etc/xinetd.d/krb5-telnet
disable = no – “no” is not case sensitive
!
2. [#] service xinetd restart
3. [#] service xinetd status – See whether the server is running or not.
Client end
In Telnet the data is transferred in plaintext (not encrypted), so it is not secure. For this reason we have to log in to the telnet server as a normal user [$] first and then switch to the root user [#]. Telnet does not support root user login.
4. [$] telnet 192.168.1.2 – by IP
or
[$] telnet Linux1 – By Host name of server.
Login: mahmud – User mahmud must exist on the server PC.
Password: ****
5. [$] su - – Switch to root user.
Password: *** – Give password of root user.
6. For windows – cmd – telnet 192.168.1.2
7. [#] logout – Exit from telnet root user.
[$] logout – Exit from telnet normal user.
SSH (Secure Shell) server configuration
Server end
1. [#] rpm -qa | grep openssh-server – See whether the ssh package is installed or not
2. [#] rpm -ivh openssh-server* – Install the ssh packages from the 2nd CD.
3. [#] service sshd restart – Restart the ssh daemon service.
OR
4. [#] /etc/init.d/sshd restart – Restart the ssh daemon service.
5. [#] service sshd status – See whether the sshd service is running or not.
Client End
In SSH the data is transferred in encrypted mode, so it is secure. For this reason we can log in to the server as both the root user [#] and a normal user [$].
6. [#$] ssh root@192.168.1.2 or ssh -l root 192.168.1.2 – Log in remotely as the root user
Password: **** – Give password of root.
7. [#$] ssh Alvi@192.168.1.2 or ssh -l Alvi 192.168.1.2 – Log in remotely as user Alvi.
Password: **** – Give password of user Alvi (server pc user).
8. [root@ns~]# ssh 192.168.1.2 – Tries to log in remotely as the root user, because the user currently logged in on the client machine is root.
Password: **** – Give password of root
9. [Alvi@ns]$ ssh 192.168.1.2 – Tries to log in remotely as the normal user Alvi, because the user currently logged in on the client machine is a normal user. User Alvi must exist on both the server PC and the client PC.
Password: **** – Give password of user Alvi (server pc user).
10. Deny root user login over SSH
[#] vi /etc/ssh/sshd_config
#PermitRootLogin yes – erase the # and set no
:wq
[#] service sshd restart
11. Give SSH login permission to specific users
[#] vi /etc/ssh/sshd_config – Go to the last line with G and write:
AllowUsers mahmud suvo – Give SSH login permission to only 2 users (mahmud and suvo); more users can be allowed. AllowUsers is case sensitive.
:wq
[#] service sshd restart
12. Deny SSH login permission to specific users
[#] vi /etc/ssh/sshd_config – Go to the last line with G and write:
DenyUsers mahmud suvo – Deny SSH login permission to only 2 users (mahmud and suvo); more users can be denied. DenyUsers is case sensitive.
:wq
[#] service sshd restart
13. Change SSH port number
[#] vi /etc/ssh/sshd_config – Search for port with /port
port 27 – Erase the # before the port and change the port from 22 to 27
!
[#] service sshd restart
[#] ssh root@192.168.1.1 – This command doesn’t work now because the default SSH port (22) has been changed to 27
[#] ssh -p27 root@192.168.1.1 – [p – port; -p 27 also works]. This command works.
14. SCP (secure copy) over SSH
[#] command sourcefile destination user@IP:directory
[#] scp /etc/passwd [client] root@192.168.1.1:/home/Alex [server] – From the client machine, send the passwd file from /etc/passwd [client] to the /home/Alex directory of 192.168.1.1 [server]. The server machine must be running the SSH service.
[#] scp -r /temp root@192.168.1.1:/home/Alex – Directory transfer.
[#] scp root@192.168.1.1:/etc/passwd [server] /home/Alex [client] – From the client machine, take the passwd file from /etc/passwd on 192.168.1.1 [server] into the /home/Alex [client] directory. The server machine must be running the SSH service.
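Added example (not part of the original notes), relating to steps 10 to 13 and the Telnet server section above: a POSIX shell check that reads the effective PermitRootLogin, AllowUsers and port values from an sshd_config and reports whether xinetd still has telnet enabled. The function names and sample files are constructed, and the parser assumes a config without Match blocks.

```sh
#!/bin/sh
# Added example: check sshd_config and the xinetd telnet file for the settings
# in these notes. Function names and sample files are constructed.

# sshd_value KEYWORD FILE -> first uncommented value of KEYWORD, empty if unset.
# Keywords match case-insensitively; sshd keeps the first value it reads.
# Assumption: no Match blocks in the file.
sshd_value() {
    awk -v k="$1" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == tolower(k) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$2"
}

# telnet_enabled FILE -> exit status 0 when the xinetd entry has "disable = no"
telnet_enabled() {
    grep -Eiq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*no[[:space:]]*$' "$1"
}

# audit SSHD_CONFIG XINETD_TELNET -> one finding per line, nothing when clean
audit() {
    v=$(sshd_value PermitRootLogin "$1")
    [ "$v" = no ] || echo "ROOT: PermitRootLogin is '${v:-unset}', want 'no'"
    [ -n "$(sshd_value AllowUsers "$1")" ] ||
        echo "USERS: no AllowUsers line, logins are not limited to named users"
    if telnet_enabled "$2"; then
        echo "TELNET: plaintext telnet is enabled in xinetd"
    fi
}

# make_samples -> directory holding constructed config files (not from a real host)
make_samples() {
    d=$(mktemp -d)
    printf '%s\n' '#Port 22' '#PermitRootLogin yes' > "$d/before.conf"
    printf '%s\n' 'port 27' 'PermitRootLogin no' 'permitrootlogin yes' \
        'AllowUsers mahmud suvo' > "$d/after.conf"
    printf '%s\n' 'service telnet' '{' '    disable = no' '}' > "$d/telnet-on"
    printf '%s\n' 'service telnet' '{' '    disable = yes' '}' > "$d/telnet-off"
    printf '%s\n' "$d"
}

dir=$(make_samples)
audit "$dir/before.conf" "$dir/telnet-on"     # three findings
audit "$dir/after.conf" "$dir/telnet-off"     # no output
echo "clients connect with: ssh -p $(sshd_value Port "$dir/after.conf") user@host"
rm -rf "$dir"
```

On a real server, pass /etc/ssh/sshd_config and /etc/xinetd.d/krb5-telnet to audit. Running sshd -t before service sshd restart catches syntax errors in the edited file.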