© Peter Harrison, www.linuxhomenetworking.com
Xinetd is a program used to start and stop a variety of Linux data communication applications. Some of these applications, such as Telnet, are installed by default in RedHat Linux; others, such as TFTP, need to be installed afterwards.
Xinetd is pre-installed in newer RedHat versions and is configured to start up automatically at boot time. The configuration file for each of the network programs xinetd controls is located in the /etc/xinetd.d directory. Once you have edited a configuration file you'll have to restart xinetd to make the change take effect.
[root@bigboy tmp]# /etc/init.d/xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
[root@bigboy tmp]#
Remember that restarting xinetd also restarts all the other processes it controls. If you are logged into your Linux box via Telnet and then restart xinetd, you will disconnect yourself from the server, because Telnet is restarted too.
Telnet is a program that allows users to log into your server and get a command prompt just as if they were logged into the VGA console. Telnet is installed and enabled by default on RedHat Linux.
One of the disadvantages of Telnet is that the data is sent as clear text. This means that it is possible for someone to use a network analyzer to peek into your data packets and see your username and password. A more secure method for remote logins would be via Secure Shell (SSH) which uses varying degrees of encryption.
The command to do remote logins via telnet from the command line is simple. You enter the word "telnet" and then the IP address or server name to which you want to connect.
Here is an example of someone logging into a remote server named "smallfry" from server "bigboy". The user looks at the routing table and then logs out.
[root@bigboy root]# telnet 192.168.1.105
Trying 192.168.1.105...
Connected to 192.168.1.105.
Escape character is '^]'.
Linux 2.4.18-14 (smallfry.my-site.com) (10:35 on Sunday, 05 January 2003)
Login: peter
Password:
Last login: Fri Nov 22 23:29:44 on ttyS0
You have new mail.
[peter@smallfry peter]$
[peter@smallfry peter]$ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
255.255.255.255 0.0.0.0         255.255.255.255 UH       40 0          0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U        40 0          0 wlan0
127.0.0.0       0.0.0.0         255.0.0.0       U        40 0          0 lo
0.0.0.0         192.168.1.1     0.0.0.0         UG       40 0          0 wlan0
[peter@smallfry peter]$ exit
logout
Connection closed by foreign host.
[root@bigboy root]#
By default Telnet is installed and enabled on RedHat Linux. You can test whether the Telnet service is listening with the following command, which lists the TCP/UDP ports on which your server is listening:
[root@bigboy root]# netstat -a | grep telnet
tcp        0      0 *:telnet                *:*                     LISTEN
[root@bigboy root]#
If you want to disable Telnet then edit the file /etc/xinetd.d/telnet and set the disable parameter to "yes".
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = yes
}
You'll then have to restart xinetd for the new settings to take effect.
[root@bigboy tmp]# /etc/init.d/xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
[root@bigboy tmp]#
Cisco and other networking equipment manufacturers allow you to back up live configurations from routers and switches to workstations via the TFTP protocol. A remotely stored configuration file is always good to have. The reverse is also true: configurations can be loaded from the server to the network device. A common use of this reverse TFTP is the application of access control lists (ACLs) and even passwords from a centralized file.
Most RedHat Linux software products are available in the RPM format. Downloading and installing RPMs isn't hard. If you need a refresher, the chapter on RPMs covers how to do this in detail. The latest TFTP server RPM for RedHat 8.0 is tftp-server-0.29-3. Here are the steps to setting up the software:
o Install the package using the following command:
[root@bigboy tmp]# rpm -Uvh tftp-server-0.29-3.i386.rpm
o Edit the file /etc/xinetd.d/tftp and set disable to "no".
# default: off
# description: The tftp server serves files using the trivial file transfer \
#	protocol. The tftp protocol is often used to boot diskless \
#	workstations, download configuration files to network-aware printers, \
#	and to start the installation process for some operating systems.
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
only_from = 192.168.1.1
server = /usr/sbin/in.tftpd
server_args = -s /tftpboot
disable = no
per_source = 11
cps = 100 2
}
In this example, xinetd will only allow the TFTP server to accept connections from the router, switch or firewall with an address of 192.168.1.1. You can extend this list with commas between the addresses, or comment the line out altogether for global access.
o Create a /tftpboot directory with global read/write privileges
[root@bigboy tmp]# chmod 777 /tftpboot
o Restart xinetd
[root@bigboy tmp]# /etc/init.d/xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
[root@bigboy tmp]#
o Each device must have a configuration file in the /tftpboot directory. Here's an example of what to do for a SOHO firewall with the name "pixfw" and a configuration filename that matches Cisco's standard naming scheme of "devicename"-config.
[root@bigboy tmp]# touch /tftpboot/pixfw-config
[root@bigboy tmp]# chmod 666 /tftpboot/pixfw-config
[root@bigboy tmp]# ll /tftpboot/
total 1631
-rw-rw-rw- 1 root root 3011 Oct 29 14:09 pixfw-config
[root@bigboy tmp]#
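The xinetd stanzas in this chapter (setting disable = yes for telnet, restricting tftp with only_from) and the netstat check are edits and checks an administrator repeats on every box. The following script is an added example, not code from the chapter or from xinetd itself: it parses the "service name { key = value }" stanza format shown above, reports enabled services and enabled services with no only_from restriction, rewrites the disable line, and reads netstat -a output to confirm what is actually listening after the restart. The function names, the sample stanzas and the sample netstat lines are all constructed for this example.

```python
"""Audit and edit xinetd service stanzas, then confirm with netstat output.

Added example; all sample text below is constructed, not captured from a
real system.
"""
import re

# One stanza: "service <name> { ... }" (xinetd.d files hold one each)
STANZA_RE = re.compile(r"service\s+(\S+)\s*\{(.*?)\}", re.DOTALL)
# One attribute line: key, operator (=, += or -=), value
ATTR_RE = re.compile(r"^\s*([A-Za-z_]+)\s*(\+=|-=|=)\s*(.*?)\s*$")


def parse_xinetd(text):
    """Return {service_name: {attribute: value}} for every stanza in text.
    Comments are stripped; '+=' appends to an attribute already seen."""
    services = {}
    for name, body in STANZA_RE.findall(text):
        attrs = {}
        for line in body.splitlines():
            m = ATTR_RE.match(line.split("#", 1)[0])
            if not m:
                continue
            key, op, value = m.groups()
            if op == "+=" and key in attrs:
                attrs[key] = attrs[key] + " " + value
            else:
                attrs[key] = value
        services[name] = attrs
    return services


def audit(text):
    """List findings for the stanzas in text: which services are enabled,
    and which enabled services accept connections from any host."""
    findings = []
    for name, attrs in parse_xinetd(text).items():
        if attrs.get("disable", "no").lower() == "yes":
            continue  # xinetd will not start a disabled service
        findings.append(f"{name}: enabled")
        if "only_from" not in attrs:
            findings.append(f"{name}: no only_from restriction (reachable from any host)")
        if name == "telnet":
            findings.append("telnet: username and password cross the network in clear text")
    return findings


def set_disable(text, value):
    """Return text with the stanza's disable line set to 'yes' or 'no';
    a stanza without a disable line gets one added before its closing brace."""
    if value not in ("yes", "no"):
        raise ValueError("disable must be 'yes' or 'no'")
    new, count = re.subn(r"(?m)^(\s*disable\s*=\s*)\S+", r"\g<1>" + value, text)
    if count == 0:
        new = re.sub(r"\}", "\tdisable\t\t= " + value + "\n}", text, count=1)
    return new


def listening(netstat_output):
    """Return the set of (proto, local_address) sockets that are listening:
    TCP sockets in LISTEN state, plus every UDP socket (UDP has no state)."""
    result = set()
    for line in netstat_output.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("tcp", "udp"):
            continue
        if parts[0] == "udp" or (len(parts) >= 6 and parts[5] == "LISTEN"):
            result.add((parts[0], parts[3]))
    return result


# Constructed sample input: a telnet stanza as shipped (enabled, no only_from)
TELNET_CONF = """\
# default: on
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = no
}
"""

# Constructed sample input: a tftp stanza restricted to one router address
TFTP_CONF = """\
service tftp
{
        socket_type     = dgram
        protocol        = udp
        wait            = yes
        user            = root
        only_from       = 192.168.1.1
        server          = /usr/sbin/in.tftpd
        server_args     = -s /tftpboot
        disable         = no
}
"""

# Constructed sample of `netstat -a` output, not captured from a real host
NETSTAT_SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:telnet                *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 bigboy:ssh              192.168.1.105:1042      ESTABLISHED
udp        0      0 *:tftp                  *:*
"""

if __name__ == "__main__":
    for finding in audit(TELNET_CONF) + audit(TFTP_CONF):
        print(finding)
    print(sorted(listening(NETSTAT_SAMPLE)))
```

Run it against a real file with `audit(open("/etc/xinetd.d/telnet").read())`; write the result of `set_disable` back to the file and restart xinetd as the chapter shows, then feed the real `netstat -a` output to `listening()` to confirm the telnet socket is gone.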
You'll now have to configure your Cisco router or firewall to use the TFTP server. The following examples assume that the TFTP server's IP address is 192.168.1.100.
· Log onto the device, get into enable mode and then enter the TFTP commands
pixfw> enable
Password: ********
pixfw# configure terminal
pixfw(config)# tftp-server inside 192.168.1.100 /pixfw-config
pixfw(config)# exit
· Save the configuration to non-volatile memory
pixfw# write memory
Building configuration...
Cryptochecksum: 3af43873 d35d6f06 51f8c999 180c2342
[OK]
pixfw#
· Save the configuration to the TFTP server
pixfw# write network
Building configuration...
TFTP write '/pixfw-config' at 192.168.1.100 on interface 1
[OK]
pixfw#
· Log onto the device, get into enable mode and then enter the TFTP commands
ciscoswitch> (enable) wr net
This command shows non-default configurations only.
Use 'write network all' to show both default and non-default configurations.
IP address or name of remote host? [192.168.1.100]
Name of configuration file?[ciscoswitch-config]
Upload configuration to ciscoswitch-config on 192.168.1.100 (y/n) [n]? y
.........
Finished network upload. (30907 bytes)
ciscoswitch> (enable)
· Log onto the device, get into enable mode, then configure mode and then enter the TFTP commands
ciscorouter> enable
ciscorouter#write net
Remote host [192.168.1.100]? 192.168.1.100
Name of configuration file to write [ciscorouter-config]? ciscorouter-config
Write file ciscorouter-config on host 192.168.1.100? [confirm] y
ciscorouter# exit
· Log onto the device and then enter the tftp commands
ciscocss# copy running-config tftp 192.168.1.100
ciscocss-config
Working..(\) 100%
Connecting (/)
Completed successfully.
ciscocss# exit
· Log onto the device, get into enable mode, then configure mode and then enter the TFTP commands
ciscold> ena
Password:
ciscold# write net 192.168.1.100 ciscold-config
Building configuration...
writing configuration to //ciscold-config on 192.168.1.100:69 ...
[OK]
ciscold# exit
One of the benefits of having a TFTP server is that you can save your configuration files on a remote server's hard disk. This can be very useful in the event of a router failure after which you need to reconfigure the device from scratch. One of the simplest ways of doing this using TFTP is to:
o Connect your router to the local network of the TFTP server
o Give your router the bare minimum configuration that allows it to ping your TFTP server. (No access controls or routing protocols)
o Use the copy command to copy the backup configuration from the TFTP server to your startup configuration in NVRAM.
o Disconnect the router from the network
o Reload the router without saving the live running configuration to overwrite the startup configuration. On rebooting, the router will copy the startup configuration stored in NVRAM into a clean running configuration environment
o Log into the router via the console and verify the configuration is OK
o Reconnect the router to the networks on which it was originally connected
Here are the commands:
ciscorouter> enable
Password: ********
ciscorouter# write erase
ciscorouter# copy tftp:file-name startup-config
ciscorouter# reload
Please be aware that the "write erase" command erases your NVRAM startup configuration and should always be used with great care.