Cabrillo College Linux Classes

[marcromansky]

the command to setup a tunnel from frodo to arwen is given as;
ssh -L 8000:192.168.2.9:23 cis192@107.30.4.107

on my home lab I don't have a 107 to tunnel to, so I used the static IP address that I had set up for Elrond.

[marcromansky]

I am not sure that I understand what is supposed to happen here:

ssh -L
[bind_address:]port:host:hostport
Specifies that the given port on the local (client) host is to be
forwarded to the given host and port on the remote side.

ssh -L 8000:192.168.2.9:23 cis192@172.30.4.107

is this: bind local port 8000 to host 192.168.2.9 port 23 as user cis192 tunnelling through host 172.30.4.107 ?

[marcromansky]

based on the config, shouldn't I be able to telnet from elrond to arwen without a tunnel? I am getting connection refused. I set the SELinux settings to permissive on arwen, legolas and elrond.

[Rich Simms]

Yes, you should be able to telnet from Elrond to Arwen after the only_from = option is set.

I finally found out yesterday why I could telnet regardless of the user = option setting. Turns out when you yum install telnet-server, xinetd gets set up. This is the superdaemon umbrella for a number of TCP services.

What I discovered on the CentOS VM's is that there is already a dormant kerberos telnetd server installed. I was configuring the telnet-server but the krb5-telnet server was running (with its own separate configuration file). The krb5-telnet server was merrily accepting telnet connections regardless of the restrictions I configured for telnet-server.

You can see both servers with
type telnetd
type in.telnetd

and the config files with:
ls /etc/xinetd.d/*tel*

- Rich