
Centos 5.5 configure telnet


Hawki

Programmer
Oct 16, 1999
63
US
Hi All

I need to know how I can configure a CentOS 5.5 server so it can be accessed by a Vista system using Putty.
 
The best way would be to use the SSH (rather than telnet) function of Putty. You will need to configure SSH (sshd) on the CentOS machine if it isn't already. On Putty, you can simply add the user@domain and log in for password authentication. If you wish to use RSA keys it is a little more difficult. If I recall correctly, you need to use the Putty keygen utility to create a key in the form used by Putty and then export the public key to a PEM format (I think) which gets uploaded to the server.

Once you have your profile working, you can save and load it for easy access.
 
Hi Hawki,

You can enable ssh by executing "service sshd start".

If you want to start the service automatically every time you reboot the machine, then execute "chkconfig --level 235 sshd on"

Security considerations when you enable ssh connections:

-Never allow root user logging by ssh, instead use a normal user and then do 'su -'. To restrict root login, edit /etc/ssh/sshd.config file and change the line that says "#PermitRootLogging yes" to "PermitRootLogging no" (look at the #, it must be removed).

-Change ssh default port (22) to other. Edit /etc/ssh/sshd.config and find the line "Port 22" and change it.

-Allow only connection with protocol 2. Edit /etc/ssh/sshd.config and find the line "#Protocol 2,1" and update to reflect "Protocol 2".

Good luck,
 
"-Never allow root user logging by ssh, instead use a normal user and then do 'su -'. "

I'd recommend going a step further - don't use "su -". Set up your admin accounts in /etc/sudoers and use "sudo su -" instead. That way no one needs to use the root password, and you'll have accountability in the logs for all sudo accesses.
 
"-Never allow root user logging by ssh, instead use a normal user and then do 'su -'. "

When you install CentOS then ssh is enabled by default.
Why disable it for root?
It is password protected so it is just as safe as using a different user.


BAZINGA!

I'm not insane, my mother had me tested!
 
it is considered bad practice to enable direct connection via ssh as root

best practice is to connect as an unprivileged user & then escalate to root when necessary (either with su or sudo), returning back to the unprivileged user as soon as possible.

preventing ssh connection as root means a potential hacker now has more information to uncover:
1) name of user account on system
2) password for unprivileged user
3) password for root once access has been gained (unless using sudo)

for best security configure dsa key authentication & disable password authentication completely.


I do not Have A.D.D. im just easily, Hey look a Squirrel!
 
+1 for "for best security configure dsa key authentication & disable password authentication completely." Hands down, using key-based authentication with passwords disabled is the number one thing you can do to protect your system from SSH attack!

I frequently see recommendations to move the port to something other than 22. My personal opinion is that this is futile as a quick nmap scan will reveal where it has been moved to. An effective variant of this is called port knocking, which requires you to know the combination to even see the SSH port.

If you find that you are getting a lot of noise traffic from scripts, there are several things you can do such as restrict access to a set of known IP addresses, use an active response tool like fail2ban, and add rate limiting to limit the number of connection attempts to slow them down greatly.
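
Added example, not part of any post in this thread: a shell check that reads an sshd_config-style file and flags the settings the replies above recommend changing (root login, protocol 1, password authentication). It uses OpenSSH's actual spellings, `PermitRootLogin` and `/etc/ssh/sshd_config`; the function names, the sample file, and the fallback defaults (matching the commented-out lines quoted above and OpenSSH's password-authentication default) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config-style file for the thread's settings.

# Print the effective value of KEYWORD in FILE, or DEFAULT if it is unset.
# sshd honours the FIRST uncommented occurrence and matches keywords
# case-insensitively. Only "Keyword value" lines are handled here.
sshd_effective() {  # usage: sshd_effective FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        NF == 0 || $1 ~ /^#/ { next }          # skip blanks and comments
        tolower($1) == "match" { exit }        # Match blocks are conditional
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Print one line per weak setting; exit status is the number of findings.
sshd_audit() {  # usage: sshd_audit FILE
    f=$1; n=0
    # Defaults passed below are assumptions for an OpenSSH of that era.
    [ "$(sshd_effective "$f" PermitRootLogin yes)" = no ] \
        || { echo "FINDING: direct root login is not disabled"; n=$((n+1)); }
    [ "$(sshd_effective "$f" Protocol 2,1)" = 2 ] \
        || { echo "FINDING: SSH protocol 1 is still accepted"; n=$((n+1)); }
    [ "$(sshd_effective "$f" PasswordAuthentication yes)" = no ] \
        || { echo "FINDING: password authentication is enabled"; n=$((n+1)); }
    echo "INFO: sshd listens on port $(sshd_effective "$f" Port 22)"
    return "$n"
}

# Constructed sample config (not taken from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample for the audit above
Port 2222
Protocol 2
#PermitRootLogin yes
PasswordAuthentication yes
EOF
sshd_audit "$sample" || echo "$? finding(s)"
rm -f "$sample"
```

On a real host, point `sshd_audit` at `/etc/ssh/sshd_config`; a commented-out `#PermitRootLogin yes` is reported as a finding because the line has no effect and the default applies.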
 