Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
After installing Redhat 7.1, Can not ftp or telnet any more. Why? 2
- Thread starter Sina
- Start date
- Thread starter
- #3
Thanks for your prompt reply.
I just like to mention that this is a new install of Redhat 7.1 and I have done that like on 3 systems with different configs but all of them show the same results {No FTP and TElnet possible).
So I think Redhat has changed some config files.
Anyways as you suggested I looked at the files (the config file) but to be honest, I don't know what to change. Any help?
Thanks much,
Sina
I just like to mention that this is a new install of Redhat 7.1 and I have done that like on 3 systems with different configs but all of them show the same results {No FTP and TElnet possible).
So I think Redhat has changed some config files.
Anyways as you suggested I looked at the files (the config file) but to be honest, I don't know what to change. Any help?
Thanks much,
Sina
-
1
- #4
butchrecon
MIS
Here is something that works with REDHAT 7. VI the /etc/ftpusers file and put a # in front of the root (first listed). Then delete the /etc/securetty file. Those two allow ftp and telnet in redhat 7. James Collins
Computer Hardware Engineer
A+, MCP
email: butchrecon@skyenet.net
Computer Hardware Engineer
A+, MCP
email: butchrecon@skyenet.net
-
1
- #5
Wailey
Programmer
Hi mbr,
Actually i have face same type of problem as Sina....
After I had applied ur suggestions. My Telnet and FTP access is now functional.
However, i want to ask why the default is set to disable?? are there any special purpose ??
thanks for your help
Wailey
Actually i have face same type of problem as Sina....
After I had applied ur suggestions. My Telnet and FTP access is now functional.
However, i want to ask why the default is set to disable?? are there any special purpose ??
thanks for your help
Wailey
- Thread starter
- #9
butchrecon
MIS
How did you fix it? James Collins
Computer Hardware Engineer
A+, MCP
email: butchrecon@skyenet.net
Computer Hardware Engineer
A+, MCP
email: butchrecon@skyenet.net
- Thread starter
- #12
All I had to do was to : in /etc/xinetd.d/
change the files telnetd and ftpd.
RedHat 7.1 installs with the default disable = yes in both files.
I set them to no, restart the service and thats all.
/etc/rc.d/init.d/xinetd restart
Thanks for your help also.
change the files telnetd and ftpd.
RedHat 7.1 installs with the default disable = yes in both files.
I set them to no, restart the service and thats all.
/etc/rc.d/init.d/xinetd restart
Thanks for your help also.
butchrecon
MIS
Thanks
I will print this one for future use. Someone should create an FAQ on this for RedHat 7.1
James Collins
Computer Hardware Engineer
A+, MCP
email: butchrecon@skyenet.net
I will print this one for future use. Someone should create an FAQ on this for RedHat 7.1
James CollinsComputer Hardware Engineer
A+, MCP
email: butchrecon@skyenet.net
butchrecon
MIS
I am rather new to LINUX so bare with me. What I know I have learned via trial and error. So in redhat 7 is there another way to set up FTP and telnet without deletting /etc/securetty? James Collins
Computer Hardware Engineer
A+, MCP
email: butchrecon@skyenet.net
Computer Hardware Engineer
A+, MCP
email: butchrecon@skyenet.net
Sure,
Don't allow root to log in remotely except through a secure,
encrypted app. (SSH)
Normal users can login just fine w/out deleting anything.
Use a privileged account and an ftp daemon which allows some
flexibility (like proftpd, but all of them have problems)
in configuration and only allow user logins(no anonymous).
If you are worried about security, you should think seriously about replacing anything that sends passwords
in plain text over the wire.
Don't allow root to log in remotely except through a secure,
encrypted app. (SSH)
Normal users can login just fine w/out deleting anything.
Use a privileged account and an ftp daemon which allows some
flexibility (like proftpd, but all of them have problems)
in configuration and only allow user logins(no anonymous).
If you are worried about security, you should think seriously about replacing anything that sends passwords
in plain text over the wire.
Guest_imported
New member
- Jan 1, 1970
- 0
- 0
- 0
Hi,
I'mm also a newbie in Linux. Just installed Redhat 7.1 and I'm experiencing the same problem. It's just that I did everything you suggested but I still can't ftp or telnet to the server!! Any help would be appreciated!!
I'mm also a newbie in Linux. Just installed Redhat 7.1 and I'm experiencing the same problem. It's just that I did everything you suggested but I still can't ftp or telnet to the server!! Any help would be appreciated!!
Hi,
Just to go thru the things to look for again (this assumes you have the telnet-server and wu-ftpd rpms installed) :
First enable services under xinetd :
/sbin/chkconfig telnet on
/sbin/chkconfig wu-ftpd on
Then configure the firewall :
/usr/sbin/lokkit
or
/usr/sbin/gnome-lokkit
allow inbound telnet (port 23) and ftp (port 21).
You might then have to restart the network (I'm not sure if lokkit does that for you) because the ipchains commands generated by lokkit are read and invoked by the redhat network initialisation scripts.
You should then be able to get telnet and ftp logon prompts. Please note that you cannot logon as root, however, because of pam security restrictions. This limits root logons to only the ttys specified in /etc/securetty .
Hope this helps
Just to go thru the things to look for again (this assumes you have the telnet-server and wu-ftpd rpms installed) :
First enable services under xinetd :
/sbin/chkconfig telnet on
/sbin/chkconfig wu-ftpd on
Then configure the firewall :
/usr/sbin/lokkit
or
/usr/sbin/gnome-lokkit
allow inbound telnet (port 23) and ftp (port 21).
You might then have to restart the network (I'm not sure if lokkit does that for you) because the ipchains commands generated by lokkit are read and invoked by the redhat network initialisation scripts.
You should then be able to get telnet and ftp logon prompts. Please note that you cannot logon as root, however, because of pam security restrictions. This limits root logons to only the ttys specified in /etc/securetty .
Hope this helps
Guest_imported
New member
- Jan 1, 1970
- 0
- 0
- 0
I'm having troubles with rsh. I already edited /etc/xinetd.d/rsh (changing disable=yes to disable=no). The /etc/hosts.equiv gives access permition from my remote linux box. hosts.allow and hosts.deny are also properly configured, so i think this is not a tcpwrapper problem. No firewall chains are loaded.
I'm stuck! Please help!
I'm stuck! Please help!
Hi,
The r series of tools are regarded as insecure and for this reason they are shipped as disabled. They should work after your amendment to the xinetd file (assuming you re-started xinetd) but will not work as root for similar reasons that prevent telnet as root, i.e. pam modules come into play and read /etc/securetty . The default pam file (/etc/pam.d/rsh) is as follows :
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rsh" must be
# listed in /etc/securetty.
auth required /lib/security/pam_nologin.so
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_env.so
auth required /lib/security/pam_rhosts_auth.so
account required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
So you have to change that or amend /etc/securetty . See --> .
Regards
The r series of tools are regarded as insecure and for this reason they are shipped as disabled. They should work after your amendment to the xinetd file (assuming you re-started xinetd) but will not work as root for similar reasons that prevent telnet as root, i.e. pam modules come into play and read /etc/securetty . The default pam file (/etc/pam.d/rsh) is as follows :
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rsh" must be
# listed in /etc/securetty.
auth required /lib/security/pam_nologin.so
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_env.so
auth required /lib/security/pam_rhosts_auth.so
account required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
So you have to change that or amend /etc/securetty . See --> .
Regards
- Status
