Koozali.org: home of the SME Server

Telnet, FTP and Dial-Up Issues

Michael McGirr

Telnet, FTP and Dial-Up Issues
« on: February 06, 2000, 11:49:44 PM »
I recently installed E-smith gateway and server onto one of my machines.  I am having a couple of problems.

1.  My dialup keeps getting disconnected.  I have a dedicated line for internet, but the setting appears to disconnect after 5 minutes of idle time.  I don't want this. Looked at the diald and diald.filter files but don't know which settings to change.

2.  I want users on my local network to be able to telnet and ftp to the server.  However, when connecting by telnet they get a message about not being able to access this except for mail.  And ftp is not allowed except as anonymous.  How do I change this?

Help!!!

Colin Mattoon

RE: Telnet, FTP and Dial-Up Issues
« Reply #1 on: February 07, 2000, 05:16:13 AM »
I have release 3.0, so this may be slightly different if you have a newer version. Anyway, in /usr/lib/diald/standard.filter there should be a section that reads:

# HTTP transfers hold the link for 5 minutes:
accept tcp 300 tcp.dest=tcp.www
accept tcp 300 tcp.source=tcp.www

The 300 refers to seconds, obviously.  So if you want to hold the link up for, say, 10 minutes -- change the 300 to 600 -- or whatever length you like. As you scroll down through the file, you might find other timing parameters you want to lengthen as well, things like FTP -- although I wouldn't change them until I encountered a problem.

After you write /usr/lib/diald/standard.filter, you need to enter the command:

/sbin/e-smith/signal-event console-save

And then, reboot.

At least, that's how I customized my servers to provide short up-times on my home system (with one phone line) and long connections at the office (with a line dedicated to the server).

Colin Mattoon

RE: Telnet, FTP and Dial-Up Issues
« Reply #2 on: February 07, 2000, 05:24:07 AM »
Also, others may feel differently, but I think it is a very sour idea to allow users to telnet to this machine.  I think you could set up accounts to allow this -- but why bother? The e-smith is pretty specialized and telnet just increases the security risks if used for anything but maintenance.  It would be pretty easy to set up another Linux box that isn't acting as your firewall to provide these services for your network -- and unless you have hundreds of users, a 486 with a reasonable amount of ram would suffice.

Michael McGirr

RE: Telnet, FTP and Dial-Up Issues
« Reply #3 on: February 08, 2000, 03:24:44 AM »
I know that this is not the best thing to do security-wise, but they need to telnet in to do some testing, development and compiling.  This is not a primary machine and turning on telnet and ftp for everyone is only temporary.

Colin Mattoon

RE: Telnet, FTP and Dial-Up Issues
« Reply #4 on: February 08, 2000, 06:33:18 AM »
OK, as near as I have determined, e-smith 3.0 does not differ from a stock RedHat 6.0 installation in this regard -- except for the need to run the "signal-event console-save" command after editing the files...

Assuming you have enabled telnet access under security via the e-smith-manager web browser setup (if not you can use the console as root after Ctrl+Alt+F3), login as root and open /etc/passwd -- and after that /etc/passwd-.

In each of these files you should find the ordinary users listed at the bottom. Using "vi" or another text editor change the entry /bin/sshell (found at the very end of the line) to:

/bin/sh

Once you have done that for each user you want this feature enabled for -- in both files -- run the command:

/sbin/e-smith/signal-event console save

Log out and the ordinary users you have set up with the bash shell should be able to telnet in.

I really have no idea what the security implications of this are -- bad, I'm certain -- but I can telnet into my server running version 3.0 as an ordinary user after doing this.

Colin Mattoon

RE: Telnet, FTP and Dial-Up Issues
« Reply #5 on: February 08, 2000, 06:40:58 AM »
That should have been /sbin/e-smith/signal-event console-save

The dashes matter...

Charlie Brady

RE: Telnet, FTP and Dial-Up Issues
« Reply #6 on: February 08, 2000, 07:11:41 AM »
Colin Mattoon wrote:

> login as root and open
> /etc/passwd -- and after that /etc/passwd-.
>
> In each of these files you should find the ordinary users
> listed at the bottom. Using "vi" or another text
> editor change the entry /bin/sshell (found at the very end of
> the line) to:
>
> /bin/sh

You don't need to edit any files. Just do:

/usr/bin/chsh -s /bin/sh username

for each user you want to enable telnet access for.

Charlie
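
An added example, not part of the original thread or of e-smith: because the shell change discussed above is meant to be temporary, this script lists which accounts in a passwd-format file currently have an interactive shell and which shells differ from a saved copy. The restricted shells other than /bin/sshell, the UID floor of 500, the function names and the sample accounts are assumptions.

```shell
#!/bin/sh
# Added example: audit login shells in passwd-format files (sample data is constructed).

# Shells that do not give an interactive session. /bin/sshell is the one named
# in the thread; the other entries are assumed, common conventions.
RESTRICTED_SHELLS="/bin/sshell /bin/false /sbin/nologin /usr/sbin/nologin"

# interactive_users FILE [MIN_UID]
# Print "user:shell" for every account with UID >= MIN_UID (assumed default
# 500) whose shell is not restricted. An empty shell field means /bin/sh.
interactive_users() {
    awk -F: -v min="${2:-500}" -v restricted="$RESTRICTED_SHELLS" '
        BEGIN { n = split(restricted, r, " "); for (i = 1; i <= n; i++) deny[r[i]] = 1 }
        /^#/ || NF < 7 || $3 + 0 < min { next }
        { shell = ($7 == "") ? "/bin/sh" : $7
          if (!(shell in deny)) print $1 ":" shell }
    ' "$1"
}

# shell_changes BASELINE CURRENT
# Print "user: old -> new" for accounts whose shell differs between two files,
# e.g. a copy saved before the temporary change and the live /etc/passwd.
shell_changes() {
    awk -F: '
        function norm(s) { return (s == "") ? "/bin/sh" : s }
        /^#/ || NF < 7 { next }
        FNR == NR { old[$1] = norm($7); next }
        ($1 in old) && old[$1] != norm($7) { print $1 ": " old[$1] " -> " norm($7) }
    ' "$1" "$2"
}

# Constructed sample data: a baseline and the state after two users were changed.
sample_baseline() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:500:500:Alice:/home/alice:/bin/sshell' \
        'bob:x:501:501:Bob:/home/bob:/bin/sshell' \
        'carol:x:502:502:Carol:/home/carol:/bin/sshell'
}
sample_current() {
    sample_baseline | sed -e '/^alice:/s|/bin/sshell$|/bin/sh|' -e '/^carol:/s|/bin/sshell$||'
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
sample_baseline > "$tmp/passwd.before"
sample_current  > "$tmp/passwd.now"
interactive_users "$tmp/passwd.now"
shell_changes "$tmp/passwd.before" "$tmp/passwd.now"
```

On a real system, save a copy of /etc/passwd before running chsh and pass that copy as BASELINE when it is time to put the shells back.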

Michael McGirr

RE: Telnet, FTP and Dial-Up Issues
« Reply #7 on: February 08, 2000, 09:16:03 AM »
That worked great.  Now the users can telnet in. What about ftp access?

I really appreciate all of your help.

Charlie Brady

RE: Telnet, FTP and Dial-Up Issues
« Reply #8 on: February 08, 2000, 12:46:56 PM »
Michael McGirr wrote:

> what about ftp access?

What about ftp access? :-)

Grab a copy of the e-smith Users Guide, if you don't already
have one, and read up on what options already exist concerning
ftp access to ibays. If what is there does not suit you, you will need to change the proFTPd configuration, using the instructions for changing configuration templates to be found at http://www.e-smith.org/custom.

Read the Fine Manual, my man, read the Fine Manual :-)

Charlie

Colin Mattoon

RE: Telnet, FTP and Dial-Up Issues
« Reply #9 on: February 08, 2000, 06:20:01 PM »
Charlie Brady wrote:

> Colin Mattoon wrote:
>
> > login as root and open
> > /etc/passwd -- and after that /etc/passwd-.
> >
> > In each of these files you should find the ordinary users
> > listed at the bottom. Using "vi" or another text
> > editor change the entry /bin/sshell (found at the very end of
> > the line) to:
> >
> > /bin/sh
>
> You don't need to edit any files. Just do:
>
> /usr/bin/chsh -s /bin/sh username
>
> for each user you want to enable telnet access for.
>
> Charlie

Now, that is a much more elegant solution!  If you ever get tired of Australian beer, we have an excellent brew pub here in town, and I'd be willing to ply you with gallons of the stuff after you streamline my network...my specialty is radio, not computers, and in that industry we work for peanuts :-)