topic Re: Control the telnet sessions in Operating System - Linux

Control the telnet sessions

peterchu — Fri, 23 Apr 2004 04:08:51 GMT

We have a RH Linux , and the users use telnet to access the system , how to control the no. of telnet to the system ? thx.

Re: Control the telnet sessions

Alexander Chuzhoy — Fri, 23 Apr 2004 04:19:58 GMT

add a line
instance = 3
to a file /etc/xinetd.d/telnet to limit the telnet to allow 3 simultanious connections.
service xinetd restart mut be executed after changes in /etc/xinetd.d/telnet file

Re: Control the telnet sessions

Stuart Browne — Sun, 25 Apr 2004 18:19:59 GMT

That will control the total number of telnet instances, not per user.

On a per-user basis, you'd best either use one of the funky scripts provided in various other threads on the same subject, or use pam to do the limiting in '/etc/pam.d/login':

session required /lib/security/pam_limits.so

And in '/etc/security/limits.conf' have an entry similar to:

* - maxlogins 3

To limit all users (except 'root' (or other UID 0 users)) to 3 simultaneous logins per user.

Re: Control the telnet sessions

Steven E. Protter — Sun, 25 Apr 2004 18:58:36 GMT

Excellent solutions Stuart.

I would add the following advice:

Drop telnet.

User authentication is happening in clear text. Even the root users password is easily sniffed by ethereal or a program that a user can bring in on a diskette or keychain drive.

Linux ships with openssh which includes ssh a telnet replacement with secure authentication.

A free windows version is at http://www.networksimplcity.com

SEP

Re: Control the telnet sessions

Stuart Browne — Sun, 25 Apr 2004 19:50:35 GMT

And the pam solution is portable to SSH too ;P Just use '/etc/pam.d/sshd' :)

Re: Control the telnet sessions

peterchu — Sun, 25 Apr 2004 20:42:45 GMT

thx replied , I treid to modify the file "/etc/xinetd.d/telnet"

the file as below now :
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
instances = 200
}

but the user telnet still can over 200 , could suggest what is wrong ?

Re: Control the telnet sessions

Stuart Browne — Sun, 25 Apr 2004 21:04:39 GMT

Did you re-start (or re-load) 'xinetd' after modifying '/etc/xinetd.d/telnet' ?

The command 'service xinetd reload' should be sufficient.

Setting it to 200 should mean that you can have 200 actively-used telnet sessions at any given moment.

My small-scale test (instances = 5) works, forcibly dropping any excess session attempts.

Re: Control the telnet sessions

peterchu — Mon, 26 Apr 2004 02:03:36 GMT

very thanks, it is OK after restart the service , I missed the previous message from Alex .