How to create a telnet server ....chapter 2
pulz :: SOHO products :: SOHO products
Page 1 of 1
How to create a telnet server ....chapter 2
by Admin Sun Dec 16, 2007 7:07 am
Telnet Servers Available for Windows NT
Listed next are URLs of several telnet servers available for Windows NT. Out of these telnet servers, this chapter will discuss installation, configuration and administration issues of Pragma Systems, InterAccess Telnet server. You may obtain information about other Windows NT telnet servers by visiting their respective URLs:
* Pragma Systems, Inc. InterAccess Telnet Server
http://www.ccsi.com:80/pragma/
* SLnet Telnet Server
http://www.seattlelab.com/prodslnet.html
* Ataman TCP Remote Logon Services-Rlogind, Rexd and Telnetd Services
ftp://rmii.com/pub2/ataman/products/
After learning more about the InterAccess telnet server, you will be able to compare features of it with those of other telnet servers and select the server that best meets your needs.
Overview of the InterAccess Telnet Server
The InterAccess telnet server listens for incoming telnet connections on port 23. When a user connects to the telnet server, he or she is authorized with a username and a password. (See Fig-ure 29.1.)
Figure 29.1: After a telnet server is set up on an NT machine, a user can access it using a telnet client and his or her Windows NT username and password.
When a user is authenticated, he or she is presented with the Windows NT command prompt (CMD.EXE). You will be shown how to customize login prompts and change the default command shell in a later section of this chapter.
Installing the InterAccess Telnet Server
You need to be logged on as either the system administrator or a user with administrative rights in order to install the InterAccess telnet server. The server can be installed by executing the setup.exe file and specifying the directory you would like the telnet service to be installed in. When installation is complete, a new program group similar to the one shown in Figure 29.2 is created.
Figure 29.2: At the end of installation process, a new program group is created for the InterAccess telnet server.
After the program group shown in Figure 29.2 is created, execute the INETD icon to start the telnet server. As shown in Figure 29.3, by default, the telnet server is set to start automatically after your system is booted. By going into Control Panel and executing the Services application, the telnet server can be set to start manually, if so desired. The telnet service consumes negligible system resources; the section "Addressing Security Concerns," will deal with security issues associated with running a telnet server. Therefore, it is recommended that you leave this setting as it is.
Figure 29.3: By default, the InterAcess telnet server is configured to start automatically when the system is booted.
As shown in Figure 29.4, the InterAccess installation process also adds a new icon to the Control Panel. This icon, called Pragma Inetd, can be used to configure various programs to be started by the Inetd service.
Figure 29.4: A new icon is added to Control Panel by the installation program. This icon can be used to configure programs started by the INETD service.
Before users can log on using the telnet server, they need to be assigned the Windows NT user right Log On Locally. This right is assigned by invoking User Manager, choosing users who need telnet access and selecting Policies|User rights from the pull-down menu. You then will see the User Rights Policy dialog box shown in Figure 29.5. The user right Log On Locally can be selected from the pull-down list that lists various user rights. Afterwards, by clicking on the Add button, users or user groups can be given permission to access an NT machine via telnet.
Figure 29.5: The right Log On Locally can be assigned to a user or user group by using User Manager.
It might be easier for you to create a group called Telnet Users and assign the user right Log On Locally to this user group. You then will be able to easily control who has access to your server via telnet by examining members of the Telnet Users group.
Registry Keys
The InterAccess telnet server can be customized by making changes to the registry, as shown in Figure 29.6.
Figure 29.6: The Registry Editor can be used to customize various characteristics of the telnet server.
InterAccess Path
The following key contains the directory in which InterAccess is installed. This registry key should not be changed unless the InterAccess directory is moved.
\\HKEY_CLASSES_ROOT\InterAccess\Path
Greeting Message
A greeting message can be specified by modifying the following registry key. This greeting will be displayed when a user connects to the telnet server:
\\HKEY_CLASSES_ROOT\InterAccess\TelnetdGreetingMessage
The greeting message is a multiline key. Because the value of this key is displayed before a user is authenticated, it can be used to provide an e-mail address or a phone number to contact if assistance is needed.
Login Prompts
As you can see in Figure 29.1, login name: is the default user login prompt, and password is the default password prompt. These two prompts can be customized by modifying the following two registry keys:
\\HKEY_CLASSES_ROOT\InterAccess\TelnetdLoginNameMessage
\\HKEY_CLASSES_ROOT\InterAccess\TelnetdPasswordMessage
User Shell
The InterAccess server can be configured to use a shell of your choice. By default, the Windows NT command shell, CMD.EXE, is used. If you are more comfortable with a shell such as the Hamilton C-Shell for Windows NT, you can specify that shell to be used as the default user shell by modifying the following registry key:
\\HKEY_CLASSES_ROOT\InterAccess\TelnetdUserShell
Any character-based program that's compatible with Windows NT can be used as the user shell.
Shell Initialization File
A shell-initialization file can be specified in the registry. Just like the autoexec.bat file in DOS, this file is automatically executed each time a user logs on via the telnet server and can be used to set user-environment variables and execute programs.
\\HKEY_CLASSES_ROOT\InterAccess\TelnetdUserShellInitializer
This key will be used in a later section to implement OTPs on your server.
User Home Directories
The InterAccess server uses home directories specified in the Windows NT account database. The directory c:\ will be assumed if no home directory is specified for a user.
Home directories can be specified and changed using User Manager. After invoking User Manager, users to which you wish to assign a home directory can be selected. More than one user can be selected by pressing the Ctrl key and clicking on multiple users. After selecting one or more users, select Users|Properties to bring up the User Properties dialog box shown in Figure 29.7.
Figure 29.7: Home directories and login hours, as well as account and group permissions, can be viewed or changed using the User Properties dialog box.
To specify user home directories, click on the Profile button in the dialog box shown in Figure 29.7. You then will be presented with a User Environment Profile dialog box similar to the one shown in Figure 29.8. User Home directories can be defined using this dialog box by typing the full path name of the user's home directory. If more than one user was selected, an implicit path name such as I:\Users\%USERNAME% can be specified in this dialog box as shown in Figure 29.8.
Figure 29.8: User home directories can be specified by entering a valid path name in the space provided for the user Home Directory.
Addressing Security Concerns
When setting up any Internet service, security is a major concern. Because the telnet server presents users with a command prompt after validating a username and a password, precautions must be taken to keep a person with malicious intent from accessing your server using an intercepted username and password.
Implementing One-Time Passwords
Because the InterAccess server does not implement One-Time Passwords (OTPs) or achallenge/response mechanism to authenticate users, using clear-text user IDs and passwords can seriously compromise the security of your server.
One solution to this security nightmare is to implement OTPs on your telnet server. In the next section, a mechanism for implementing OTPs on your telnet server is given. In order for this to work, users should be given a list of valid passwords; each password is good enough for only one login. These passwords are saved in a text file and are used by a PERL script to change the user's password as soon as a user is authenticated to log on. You do not have to know how PERL scripts work to implement this PERL script. Full source code of the PERL script is given in the "PERL Script for Implementing One-Time Passwords" section. If PERL is not already installed on your system, refer to Chapter 16, "Introduction to Windows NT CGI Programming," to learn how to obtain and install PERL for Windows NT.
Although it might be cumbersome to create this password file and print a copy of it to users who will be accessing your telnet server, it's far better than compromising the security of your NT server. Many people are only all too familiar with the two commands del *.* and format.
Security
Because passwords of accounts used to access the telnet server may change often, it is recommended that separate telnet access accounts be created for users who use the telnet server.
Listed next are URLs of several telnet servers available for Windows NT. Out of these telnet servers, this chapter will discuss installation, configuration and administration issues of Pragma Systems, InterAccess Telnet server. You may obtain information about other Windows NT telnet servers by visiting their respective URLs:
* Pragma Systems, Inc. InterAccess Telnet Server
http://www.ccsi.com:80/pragma/
* SLnet Telnet Server
http://www.seattlelab.com/prodslnet.html
* Ataman TCP Remote Logon Services-Rlogind, Rexd and Telnetd Services
ftp://rmii.com/pub2/ataman/products/
After learning more about the InterAccess telnet server, you will be able to compare features of it with those of other telnet servers and select the server that best meets your needs.
Overview of the InterAccess Telnet Server
The InterAccess telnet server listens for incoming telnet connections on port 23. When a user connects to the telnet server, he or she is authorized with a username and a password. (See Fig-ure 29.1.)
Figure 29.1: After a telnet server is set up on an NT machine, a user can access it using a telnet client and his or her Windows NT username and password.
When a user is authenticated, he or she is presented with the Windows NT command prompt (CMD.EXE). You will be shown how to customize login prompts and change the default command shell in a later section of this chapter.
Installing the InterAccess Telnet Server
You need to be logged on as either the system administrator or a user with administrative rights in order to install the InterAccess telnet server. The server can be installed by executing the setup.exe file and specifying the directory you would like the telnet service to be installed in. When installation is complete, a new program group similar to the one shown in Figure 29.2 is created.
Figure 29.2: At the end of installation process, a new program group is created for the InterAccess telnet server.
After the program group shown in Figure 29.2 is created, execute the INETD icon to start the telnet server. As shown in Figure 29.3, by default, the telnet server is set to start automatically after your system is booted. By going into Control Panel and executing the Services application, the telnet server can be set to start manually, if so desired. The telnet service consumes negligible system resources; the section "Addressing Security Concerns," will deal with security issues associated with running a telnet server. Therefore, it is recommended that you leave this setting as it is.
Figure 29.3: By default, the InterAcess telnet server is configured to start automatically when the system is booted.
As shown in Figure 29.4, the InterAccess installation process also adds a new icon to the Control Panel. This icon, called Pragma Inetd, can be used to configure various programs to be started by the Inetd service.
Figure 29.4: A new icon is added to Control Panel by the installation program. This icon can be used to configure programs started by the INETD service.
Before users can log on using the telnet server, they need to be assigned the Windows NT user right Log On Locally. This right is assigned by invoking User Manager, choosing users who need telnet access and selecting Policies|User rights from the pull-down menu. You then will see the User Rights Policy dialog box shown in Figure 29.5. The user right Log On Locally can be selected from the pull-down list that lists various user rights. Afterwards, by clicking on the Add button, users or user groups can be given permission to access an NT machine via telnet.
Figure 29.5: The right Log On Locally can be assigned to a user or user group by using User Manager.
It might be easier for you to create a group called Telnet Users and assign the user right Log On Locally to this user group. You then will be able to easily control who has access to your server via telnet by examining members of the Telnet Users group.
Registry Keys
The InterAccess telnet server can be customized by making changes to the registry, as shown in Figure 29.6.
Figure 29.6: The Registry Editor can be used to customize various characteristics of the telnet server.
InterAccess Path
The following key contains the directory in which InterAccess is installed. This registry key should not be changed unless the InterAccess directory is moved.
\\HKEY_CLASSES_ROOT\InterAccess\Path
Greeting Message
A greeting message can be specified by modifying the following registry key. This greeting will be displayed when a user connects to the telnet server:
\\HKEY_CLASSES_ROOT\InterAccess\TelnetdGreetingMessage
The greeting message is a multiline key. Because the value of this key is displayed before a user is authenticated, it can be used to provide an e-mail address or a phone number to contact if assistance is needed.
Login Prompts
As you can see in Figure 29.1, login name: is the default user login prompt, and password is the default password prompt. These two prompts can be customized by modifying the following two registry keys:
\\HKEY_CLASSES_ROOT\InterAccess\TelnetdLoginNameMessage
\\HKEY_CLASSES_ROOT\InterAccess\TelnetdPasswordMessage
User Shell
The InterAccess server can be configured to use a shell of your choice. By default, the Windows NT command shell, CMD.EXE, is used. If you are more comfortable with a shell such as the Hamilton C-Shell for Windows NT, you can specify that shell to be used as the default user shell by modifying the following registry key:
\\HKEY_CLASSES_ROOT\InterAccess\TelnetdUserShell
Any character-based program that's compatible with Windows NT can be used as the user shell.
Shell Initialization File
A shell-initialization file can be specified in the registry. Just like the autoexec.bat file in DOS, this file is automatically executed each time a user logs on via the telnet server and can be used to set user-environment variables and execute programs.
\\HKEY_CLASSES_ROOT\InterAccess\TelnetdUserShellInitializer
This key will be used in a later section to implement OTPs on your server.
User Home Directories
The InterAccess server uses home directories specified in the Windows NT account database. The directory c:\ will be assumed if no home directory is specified for a user.
Home directories can be specified and changed using User Manager. After invoking User Manager, users to which you wish to assign a home directory can be selected. More than one user can be selected by pressing the Ctrl key and clicking on multiple users. After selecting one or more users, select Users|Properties to bring up the User Properties dialog box shown in Figure 29.7.
Figure 29.7: Home directories and login hours, as well as account and group permissions, can be viewed or changed using the User Properties dialog box.
To specify user home directories, click on the Profile button in the dialog box shown in Figure 29.7. You then will be presented with a User Environment Profile dialog box similar to the one shown in Figure 29.8. User Home directories can be defined using this dialog box by typing the full path name of the user's home directory. If more than one user was selected, an implicit path name such as I:\Users\%USERNAME% can be specified in this dialog box as shown in Figure 29.8.
Figure 29.8: User home directories can be specified by entering a valid path name in the space provided for the user Home Directory.
Addressing Security Concerns
When setting up any Internet service, security is a major concern. Because the telnet server presents users with a command prompt after validating a username and a password, precautions must be taken to keep a person with malicious intent from accessing your server using an intercepted username and password.
Implementing One-Time Passwords
Because the InterAccess server does not implement One-Time Passwords (OTPs) or achallenge/response mechanism to authenticate users, using clear-text user IDs and passwords can seriously compromise the security of your server.
One solution to this security nightmare is to implement OTPs on your telnet server. In the next section, a mechanism for implementing OTPs on your telnet server is given. In order for this to work, users should be given a list of valid passwords; each password is good enough for only one login. These passwords are saved in a text file and are used by a PERL script to change the user's password as soon as a user is authenticated to log on. You do not have to know how PERL scripts work to implement this PERL script. Full source code of the PERL script is given in the "PERL Script for Implementing One-Time Passwords" section. If PERL is not already installed on your system, refer to Chapter 16, "Introduction to Windows NT CGI Programming," to learn how to obtain and install PERL for Windows NT.
Although it might be cumbersome to create this password file and print a copy of it to users who will be accessing your telnet server, it's far better than compromising the security of your NT server. Many people are only all too familiar with the two commands del *.* and format.
Security
Because passwords of accounts used to access the telnet server may change often, it is recommended that separate telnet access accounts be created for users who use the telnet server.
Admin- Admin
- Posts : 14
Join date : 2007-12-13 -
Similar topicspulz :: SOHO products :: SOHO products
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum|
|
|