Find the answer to your Linux question:
Results 1 to 9 of 9
i, I have made disabled = no in etc/xinetd.d/telnet and for ftp files and made changes in /etc/inetd.d/wu.ftp file disable=no and we have restarted the services but not able access ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Nov 2002
    Posts
    1

    ftp & telnet problem


    i,

    I have made disabled = no in etc/xinetd.d/telnet and for ftp files and made
    changes in /etc/inetd.d/wu.ftp file disable=no and we have restarted the services
    but not able access FTP or Telnet says copuld not open a connection.
    I have tried to check the redhat-config-securitylevel and the security level is shown
    HIgh but i am trying to disable or make Medium low after asking do you want save but
    after saying YES . if you check again security tab Firewall security level will has not
    been changed. i have tried with GNOME Lokkit and after saying security level either to DISABLED OR
    MEDIUM it is searching for some mailing and that's all .

    Could you please guide me how to achieve this FTP AND TELNET

  2. #2
    Linux Engineer
    Join Date
    Jan 2003
    Location
    Lebanon, pa
    Posts
    994
    First off, why don't you use ssh instead of telnet. I personally don't like the idea of having username/password sent in clear text. As for ftp, I would stay away from wuftpd. Check out proftpd which is what I used on the servers at work. Very secure and has a lot more options then others. If you want to use wu, you can run it as a standalone server instead of through xinetd.

  3. #3
    Linux User
    Join Date
    Jul 2002
    Location
    Daytona Beach, FL
    Posts
    487
    ok, well if your security level is high then the firewall scrpt is blocking the ports, you will need to open port 21 for ftp (and possibly some more for passive, lets not get into that unless you want to)

    the easiest way would be to use ssh and sftp (a secure replacement for ftp) that both use port 22 and dont require any additional configuration. sftp is built into the ssh rpm's - you can download then, set your firewall to open port 22 and your in good shape.

    If you have ftp for a reason, again use port 21
    majorwoo

    Quiet brain, or I\'ll stab you with a Q-tip.

  4. $spacer_open
    $spacer_close
  5. #4
    Just Joined!
    Join Date
    Jan 2003
    Posts
    4

    I would stay away from wuftpd. Check out proftpd

    I've heard that so often "I would stay away from wuftpd. Check out proftpd"

    Using the Redhat support page It mentions "Basic configuration setup for both wu-ftpd and proftpd"

    Where is proftpd found? How do I install it?
    I see no reference to it anywhere else?

  6. #5
    Linux Engineer
    Join Date
    Jan 2003
    Location
    Lebanon, pa
    Posts
    994

  7. #6
    Just Joined!
    Join Date
    Feb 2003
    Location
    In the state of mind between reality and confusion...
    Posts
    6
    I would have to concur genlee. Telnet is a hacker's dream. I would get that service shut off ASAP. SSH is a lot better and is one port lower than telnet. As far as the ftp is concerned, I would have to agree with majorwoo. SFTP is the IT preferred way to ftp something, and it still only requires the same port as ssh. The other nice thing about SFTP is it's really simple to chroot people to their home directories if you are going to have quite a few users on the system.

    www.openssh.com

    You can get the tarball here. Very nice. Very efficient. Pretty dang safe.

  8. #7
    Just Joined!
    Join Date
    Mar 2005
    Location
    Ghana
    Posts
    35
    don't compromise ur box!

    SSH n PROFTP are the best, use this option and apply some wrappers on ur Linux box.

    Example of TCP wrapper

    edit /etc/hosts.deny
    add in.telnetd:ALL: severity emerg

    ther are more u can implement but then safety lies in the middle route.

    best in the PENGUIN

    urs in LINUX

  9. #8
    Just Joined!
    Join Date
    May 2005
    Location
    Toronto
    Posts
    9

    Not the best.. just what I do.

    I would also agree that SSH is the way to go (no telnet).
    As for FTP servers, I have used wuftp before and found it worked fine but took some tweaking. Now I use vsftp and it works great.

    Configure it to only allow specific users in. Make these user accounts have a shell of 'nologin' (or whatever your distro uses). And use a period in the passwd file to chroot them to where you want them. I usually disable anonymous logins as well.

    Anybody see any problems with this?

  10. #9
    Just Joined!
    Join Date
    Apr 2005
    Posts
    6

    Re: Not the best.. just what I do.

    Quote Originally Posted by sparkix
    I would also agree that SSH is the way to go (no telnet).
    As for FTP servers, I have used wuftp before and found it worked fine but took some tweaking. Now I use vsftp and it works great.

    Configure it to only allow specific users in. Make these user accounts have a shell of 'nologin' (or whatever your distro uses). And use a period in the passwd file to chroot them to where you want them. I usually disable anonymous logins as well.

    Anybody see any problems with this?
    Totally agree, SSH is a great remote admin tool that provides secure encrypted communications. If you want to see the difference between secure and insecure I suggest that you install ethereal and perform a capture via ssh and a capture via ssh you will notice the difference i.e. no username/password broadcasted over the network.

    SSH onces configured can be very powerful and secure. I would suggest permitrootlogins to no. A listen address rather than listening to any ip i.e. listen 192.168.1.50 and changing the port to a higher port such as 24567.

    Configuration of users for specific services rather than general user login and anonymous logins is a good technique as it gives you greater scope to log, detect and prevent attacks.

    ProFTPD would be my choice of FTP Server along with some configuration.

    Get some bandwidth monitoring and permissions set and we can keep close tracks on what is going on.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •