
How to create a telnet server chapter 3


Post by Admin Sun Dec 16, 2007 7:07 am

PERL Script for Implementing One-Time Passwords

Listed next is a simple PERL script to implement OTPs on the NT server. In order for this script to work, PERL needs to be installed on your server. If you have not installed PERL on your system already and need assistance installing it, please refer to Chapter 16, "Introduction to Windows NT CGI Programming." For your convenience, the following PERL script is included in the CD-ROM that accompanies the book.

# PERL OTP implementation for NT telnet server
# By Sanjaya Hettihewa and John Salmi

# Please change the following to the name of your
# password file as described in Chapter 29
$File = "passwords";

# Open the password file for reading
open( INPUT, "$File" ) || die( "$File: $!\n" );

# Read contents of the password file into an array
# ( memory )
@Array = <INPUT>;

# Close the password file after reading it
close( INPUT );

# Reverse the order of the lines in the password file
# ( loop until @Array is empty )
while ( @Array ) {
    push( @Array2, pop( @Array ));
}

# Free up memory used by Array
undef @Array;

# Execute command that changes the password
system( pop( @Array2 ));

# Reverse the order again, minus the line just executed
# ( loop until @Array2 is empty )
while ( @Array2 ) {
    push( @Array, pop( @Array2 ));
}

# Rewrite contents of original file, minus the line executed
open( OUTPUT, "> $File" ) || die( "$File: $!\n");
print( OUTPUT @Array );
close( OUTPUT );

After copying this file to home directories of users who will telnet to your server, change the line $File = "passwords" to the name of your password file (the filename is enclosed within quotation marks). An absolute path name has to be used if this file is not located in the user's home directory. The PERL script then executes the first line of the password file and deletes it from the file. Let us now examine the format of the password file.

Password File Used by PERL Script

The preceding PERL script takes advantage of the fact that user passwords can be changed from the Windows NT command prompt with the following command:

NET USER <user_name> <password>

where <user_name> is the name of the user you wish to change the password of, and <password> is the new password. The password file is simply a list of NET USER <user_name> <password> commands. The PERL script always executes the first line of this file and deletes it from the file. For example, if the password file is identical to the following listing:

net user carina 1
net user carina 12
net user carina 123
net user carina 1234
net user carina 12345

each time Carina logs on to the NT server via telnet, the PERL script will change her password by executing the first line of the password file. After this line is executed and a new password is set, that line will be deleted from the password file. For example, the first time Carina logs on, her password will be changed to 1, the second time to 12, and so forth. Because someone eavesdropping on a telnet connection never sees this file being executed by the PERL script, there is no way for an eavesdropper to use the same password used to access the system or find out what the new password is. Because a new password is always used by the PERL script, and a line is deleted from the password file, you should always see to it that there are enough passwords in the password file. It is a good idea to add at least 20 passwords to the password file, print a copy of it, and give it to users who will be connecting to your server.

When selecting passwords, you should make sure passwords that are chosen are not vulnerable to a dictionary attack. A dictionary attack uses a computer program to crack a user's password by repeatedly entering common words from a dictionary. When selecting passwords, make sure they are hard to guess by using alphanumeric characters along with other characters, such as those used to punctuate sentences.
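
As an added example (not part of the book's script or its CD-ROM), the Python sketch below builds a 20-line password file in the NET USER format shown above and audits a file before it is put in place. Because the PERL script hands each line to system(), the punctuation set is an assumed conservative one that leaves out cmd.exe metacharacters and the "/" and "*" that NET USER treats specially; the function names, the 12-character length and the 8 to 14 character check are also assumptions.

```python
import re
import secrets
import string

# Assumed conservative punctuation set. Left out on purpose:
# & | < > ^ % " and space (cmd.exe metacharacters), "/" (NET USER
# reads it as a switch) and "*" (NET USER prompts for a password).
SAFE_PUNCT = "#+-.:@_~"
ALPHABET = string.ascii_letters + string.digits + SAFE_PUNCT
USER_RE = re.compile(r"[A-Za-z0-9_.-]{1,20}")

# A line is accepted only if it is exactly: net user <name> <password>
LINE_RE = re.compile(
    r"net user [A-Za-z0-9_.-]{1,20} [A-Za-z0-9%s]{8,14}"
    % re.escape(SAFE_PUNCT)
)


def new_password(length=12):
    """Random password holding a letter, a digit and a punctuation mark."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (pw[0] not in SAFE_PUNCT          # never start with "-" etc.
                and any(c.isalpha() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in SAFE_PUNCT for c in pw)):
            return pw


def build_password_file(user, count=20):
    """Return `count` distinct 'net user' lines for one user."""
    if not USER_RE.fullmatch(user):
        raise ValueError("user name is not safe to pass to system()")
    passwords = []
    while len(passwords) < count:
        pw = new_password()
        if pw not in passwords:
            passwords.append(pw)
    return ["net user %s %s" % (user, pw) for pw in passwords]


def audit(lines):
    """Return (line_number, line) for every line that should not be run."""
    return [(n, ln) for n, ln in enumerate(lines, 1)
            if not LINE_RE.fullmatch(ln.rstrip("\r\n"))]
```

Running audit() over the sample listing above flags every line, since passwords such as 1 and 12 fall below the assumed minimum length.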

Creating the Shell-Initializing File

The shell-initializing file is automatically executed as soon as a user is validated and logged on to your NT server. By adding the PERL script mentioned earlier to the shell-initialization file, the moment a user logs on, the telnet server will execute the PERL script and change the user's password. Because other commands might take a while to complete, the PERL script should be the first command in this file. Listed here is a sample shell-initialization file:

@ECHO OFF
ECHO OTP passwords are enabled
ECHO About to change your password
perl PasswordChange.pl
ECHO Your password has been changed

In Figure 29.9, you can see how the shell-initialization file gets executed as soon as a user logs on via the telnet server. The name of the shell-initialization file can be specified by modifying the registry, as demonstrated earlier.

Figure 29.9: As soon as a user is validated, the telnet server will execute the shell-initialization file and change the user's password.

Limiting Access Times

Because InterAccess uses the Windows NT security database to authenticate users, by using User Manager it's possible to allow access to your server via telnet only during certain hours of the day, as described in Figure 29.10. Access can be restricted during certain hours or days by invoking User Manager, choosing Users, and selecting User|Properties. You then will be presented with a dialog box similar to the one shown in Figure 29.10.

Figure 29.10: User Manager can be used to restrict days and hours during which a user can connect to your server via telnet.

It is a good idea to allow telnet server access only when it is needed. For example, if the telnet server will be used only during regular business hours, access to your server can be restricted during off-business hours.

Administering the Telnet Server

The Telnet Manager icon shown in Figure 29.2 can be used to administer the InterAccess telnet server. Telnet Manager is an easy-to-use, graphical application for managing users connected to any Windows NT machine on the Internet running the InterAccess telnet server. In order to use Telnet Manager, you need to be the system administrator or a user with administrative rights. After invoking the Telnet Manager application, before administering a telnet server, you need to connect to a machine that runs InterAccess. This is done by selecting Manage|New Machine from the menu bar. After selecting New Machine, you will be presented with a dialog box similar to the one shown in Figure 29.11. In this dialog box, type the Internet address of the computer you wish to administer.

Figure 29.11: Before administering a telnet server, you need to connect to it by providing its Internet address.

After typing the Internet address, click on the OK button to continue. Next, you will be presented with a User Verification dialog box similar to the one shown in Figure 29.12. Use this dialog box to type in the user name and password of the system administrator or a user account with administrative permissions.

Figure 29.12: A username and a password that has administrative rights are required to manage the telnet server.

After providing a valid username and a password with administrative rights, the Telnet Manager will connect to the server you wish to manage and present you with a list of users logged on to that server. As you can see in Figure 29.13, this list contains usernames of users connected to the telnet server along with the time they logged on. Because this listing does not get updated automatically, View|Refresh needs to be selected to obtain the most up-to-date list of users logged on.

Figure 29.13: After connecting to a computer running InterAccess, User Manager will present you with a list of users logged on to the telnet server.

Additional information about a user, such as the process ID of the connection and the machine the user is connecting from, can be obtained by double-clicking on a user listed in Telnet Manager. The information you receive after double-clicking on a user is shown in Figure 29.14.

Figure 29.14: Additional information about a user listed in Telnet Manager.

By choosing a user and selecting User|Logoff, it is also possible to disconnect users from the telnet server.

Uninstalling the Telnet Server

The InterAccess telnet service can be uninstalled by executing the Uninstall InterAccess icon shown in Figure 29.2. To prevent users from losing their work, they should be given a chance to complete it and disconnect from the telnet server before commencing the uninstall process. In the unlikely event you encounter problems with the uninstall program, follow these directions to manually uninstall the telnet service:

1. Make sure all users are logged off the telnet server.
2. Stop the telnet service using the Services application in Control Panel or the net stop inetd command.
3. Delete the InterAccess directory and the two files %SYSTEMROOT%/system32/inetd.cpl and %SYSTEMROOT%/system32/inetdcpa.help.
4. Use the Windows NT Resource Kit utility INSTSRV.EXE to remove the telnet service. The telnet service can be removed by executing the command INSTSRV INETD REMOVE.

Summary

By reading this chapter, you learned about various issues that need to be addressed when setting up a telnet server. The chapter began with an introduction to how telnet servers work and a discussion of how you and your users can benefit from setting up a telnet server. Although only one telnet server was comprehensively covered, at the beginning of the chapter you were provided with a list of Windows NT telnet servers, along with their URLs. Out of these telnet servers, Pragma System's InterAccess telnet server was used to demonstrate how a telnet server can be set up under Windows NT. Virtually all aspects of utilizing and configuring the InterAccess server were covered to demonstrate how it can be customized to suit your needs.

Without compromising your server's security, you can now set up a telnet server on your system and configure it to meet your needs.
