Next, configure SELinux to allow telnet to listen on the new port you just specified:

    sudo semanage port -a -t telnetd_port_t -p tcp 450

Finally, add a new firewall rule:

    firewall-cmd --add-port=450/tcp --permanent

    Description=TLS tunnel for network daemons
    ExecStartPre=-/usr/bin/mkdir /var/run/stunnel
    ExecStartPre=/usr/bin/chown -R nobody:nobody /var/run/stunnel

These lines create a chroot jail for the service when it starts.

Now you can enable and start telnet and stunnel.

    systemctl enable telnet.socket --now

A note on the systemctl command is in order. Systemd and the stunnel package provide an additional template unit file by default. The template lets you drop multiple configuration files for stunnel into /etc/stunnel, and use the filename to start the service. For instance, if you had a nf file, you could start that instance of stunnel with systemctl start without having to write any unit files yourself.

If you want, you can set this stunnel template service to start on boot:

    systemctl enable

Client Installation

This part of the article assumes you are logged in as a normal user (with sudo privileges) on the client system. Install stunnel and the telnet client:

    dnf -y install stunnel telnet

Copy the stunnel.pem file from the remote server to your client /etc/pki/tls/certs directory. In this example, the IP address of the remote telnet server is 192.168.1.143.

    sudo scp

the /etc/stunnel/nf file:

    cert = /etc/pki/tls/certs/stunnel.pem

The accept option is the port that will be used for telnet sessions. The connect option is the IP address of your remote server and the port it’s listening on.

Next, enable and start stunnel:

    systemctl enable --now

Since you have a connection established, you will telnet to localhost instead of the hostname or IP address of the remote telnet server:

    ~]$ telnet localhost 450
    Telnet: connect to address ::1: Connection refused

I see several issues with this article, assuming that it is aimed towards beginners.
There’s little point in generating insecure, self-signed certificates, when Let’s Encrypt is available and well integrated in Fedora.