Configuring services for unusual ports

How would I go about configuring my xinetd's kr5-telnet server on my red hat
Linux 8.0 box to respond to a port other than the standard port 23? (As you
can see from my signature file below, I've already got port 23 on my network
being answered by a different machine.)

I'm getting ready to take a trip and will need to be able to remotely access
my machine while gone, but my laptop doesn't have a SSH client on it. My
firewall already blocks or forwards all the ports that I might use except
for an odd one that I have open for another service that will not be running
during this time. Any help on this will be greatly appreciated. (I did check
the man pages and info pages without luck, though I don't mind reading them
if someone can point me to one that will answer this.) You may also be able
to tell by now that I'm fairly new at Linux, if you need more info to be
able to answer this, please let me know.

I apologize for the cross-posting, but I'm hoping that by including a single
newsgroup for follow-up this post may get seen by enough people to get an
answer for me reasonably quickly while not spamming a bunch of newsgroups,
if I've done this wrong, I'll take the flames that I know some folks are
just dying to dish out without complaint.
-=Conner=-

--
Visit The Castle's Dungeon BBS at telnet://tcdbbs.zapto.org for some family
fun in a medieval setting, or come test your mettle in the Land of Legends,
our MUD, at telnet://tcdbbs.zapto.org:4000
For general info, visit http://www.tcdbbs.zapto.org

On 2004-12-12, Conner Destron <(E-Mail Removed)> wrote:
> How would I go about configuring my xinetd's kr5-telnet server on my red hat
> Linux 8.0 box to respond to a port other than the standard port 23?

Don't run it trough xinetd, run it as a stand-alone daemon. If you run it
in 'debug' mode (not trought inetd/xinetd, you can specify the port number).
But I don't suggest this, install an ssh client on your laptop.

> my machine while gone, but my laptop doesn't have a SSH client on it.

And installing one isn't an option?

Davide

--
Q: What is the difference between Jurassic Park and Microsoft?
A: One is an over-rated high tech theme park based on prehistoric information
and populated mostly by dinosaurs, the other is a Steven Spielberg movie.

Conner Destron wrote:
> How would I go about configuring my xinetd's kr5-telnet server on my red hat
> Linux 8.0 box to respond to a port other than the standard port 23? (As you
> can see from my signature file below, I've already got port 23 on my network
> being answered by a different machine.)

Edit your /etc/xinetd.d/kr5 (or what the kerberos service config file may be
called) and add between the { }

port = 2431


> I'm getting ready to take a trip and will need to be able to remotely access
> my machine while gone, but my laptop doesn't have a SSH client on it.

Oh, it's so difficult to install... take 2 mins to install one.
If you happens to have bill gates software on it, do a ggole for putty and you
have ssh in notime.


> firewall already blocks or forwards all the ports that I might use except
> for an odd one that I have open for another service that will not be running
> during this time. Any help on this will be greatly appreciated. (I did check
> the man pages and info pages without luck, though I don't mind reading them
> if someone can point me to one that will answer this.) You may also be able
> to tell by now that I'm fairly new at Linux, if you need more info to be
> able to answer this, please let me know.

Rerun the firewall configuration and select the port to be closed.
You could tell your firewall to do a port forward too, in that way you don't
need to run kr5 on another port, but just have a port open on the firewall.


> I apologize for the cross-posting, but I'm hoping that by including a single
> newsgroup for follow-up this post may get seen by enough people to get an
> answer for me reasonably quickly while not spamming a bunch of newsgroups,
> if I've done this wrong, I'll take the flames that I know some folks are
> just dying to dish out without complaint.

All to many groups selected, I general rule is only to have 3-5 groups
(security was the one I saw which would have this as OT). Follow-up is
generally quite bad, as everyone don't hang on the same newsgroups and
therefore can't see if you have already got a reply as then they may not need
to reply or they can see that the reply has somethign missing and clarify
that. Then you have the case where you have a followup question, you won't get
any reply from that person when they don't get your second question.


//Aho

"J.O. Aho" wrote:
> Conner Destron wrote:
>> How would I go about configuring my xinetd's kr5-telnet server on my red
>> hat Linux 8.0 box to respond to a port other than the standard port 23?
>> (As you can see from my signature file below, I've already got port 23 on
>> my network being answered by a different machine.)
>
> Edit your /etc/xinetd.d/kr5 (or what the kerberos service config file may
> be called) and add between the { }
>
> port = 2431

Ok, once that's done do I need to do anything other than 'telinit 5' to make
the change take effect?

>> I'm getting ready to take a trip and will need to be able to remotely
>> access my machine while gone, but my laptop doesn't have a SSH client on
>> it.
>
> Oh, it's so difficult to install... take 2 mins to install one.
> If you happens to have bill gates software on it, do a ggole for putty and
> you have ssh in notime.

Ok, I can do that, would the step above be different for sshd? The port
issue remains the same.

>> firewall already blocks or forwards all the ports that I might use except
>> for an odd one that I have open for another service that will not be
>> running during this time. Any help on this will be greatly appreciated.
>> (I did check the man pages and info pages without luck, though I don't
>> mind reading them if someone can point me to one that will answer this.)
>> You may also be able to tell by now that I'm fairly new at Linux, if you
>> need more info to be able to answer this, please let me know.
>
> Rerun the firewall configuration and select the port to be closed.
> You could tell your firewall to do a port forward too, in that way you
> don't need to run kr5 on another port, but just have a port open on the
> firewall.

Hmm, I might be able to get my firewall to do that, I have been useing
firestarter 0.9.3 because Firestarter 1.xx won't install on RH 8.0 and this
version of the firewall doesn't seem to like opening new ports and
occassionally it seems to sort of freeze into this strange state where the
router box that is home to the firewall has full internet access, the
firewall still logs everything, and the lan computers can still reach
everything on the lan except the router box but they have no access to the
internet, and the router box has no access to the lan... it's like eth1 got
unplugged. Strange, but I haven't found another solution, though suggestions
are welcome as long as they don't involve spending money I haven't got or
upgrading to fedora core or RH 9 because I'm not ready to try that one yet,
and the firewall/router box can't be a "dedicated" firewall/router because I
haven't got the extra computer to dedicate that way yet, though I may
eventually go that route when I can afford another box for the lan. (no
income at the moment)

> All to many groups selected, I general rule is only to have 3-5 groups
> (security was the one I saw which would have this as OT). Follow-up is
> generally quite bad, as everyone don't hang on the same newsgroups and
> therefore can't see if you have already got a reply as then they may not
> need to reply or they can see that the reply has somethign missing and
> clarify that. Then you have the case where you have a followup question,
> you won't get any reply from that person when they don't get your second
> question.

makes sense, but I honestly wasn't sure which newsgroups to post to for this
and thought I'd read something about using follow-ups to avoid being thought
of as trolling. *shrug*
-=Conner=-

--
Visit The Castle's Dungeon BBS at telnet://tcdbbs.zapto.org for some family
fun in a medieval setting, or come test your mettle in the Land of Legends,
our MUD, at telnet://tcdbbs.zapto.org:4000
For general info, visit http://www.tcdbbs.zapto.org

On Sun, 12 Dec 2004 15:23:07 -0500, Conner Destron wrote:
> "J.O. Aho" wrote:
>>
>> Edit your /etc/xinetd.d/kr5 (or what the kerberos service config file may
>> be called) and add between the { }
>>
>> port = 2431
>
> Ok, once that's done do I need to do anything other than 'telinit 5' to make
> the change take effect?

any change in /etc/xinetd.d can be reloaded with
service xinetd reload

or running the /etc/init.d/xinetd script.

"Davide Bianchi" wrote:
> On 2004-12-12, Conner Destron <(E-Mail Removed)> wrote:
>> How would I go about configuring my xinetd's kr5-telnet server on my red
>> hat
>> Linux 8.0 box to respond to a port other than the standard port 23?
>
> Don't run it trough xinetd, run it as a stand-alone daemon. If you run it
> in 'debug' mode (not trought inetd/xinetd, you can specify the port
> number).
> But I don't suggest this, install an ssh client on your laptop.

Um, ok, how do I run it that way? Ok, I can install Putty, but still need to
know how to make ssh listen to a non-standard port.

>> my machine while gone, but my laptop doesn't have a SSH client on it.
>
> And installing one isn't an option?

Anything is an option if I can figure out how to do it. I'm sure that I can
install an SSH client on my laptop before I leave, but I still have the
problem of needing sshd, instead of kr5-telnet in that case, to listen to a
non-standard port because my firewall's somewhat less than responsive and I
don't have a better way to accomplish this.
-=Conner=-

--
Visit The Castle's Dungeon BBS at telnet://tcdbbs.zapto.org for some family
fun in a medieval setting, or come test your mettle in the Land of Legends,
our MUD, at telnet://tcdbbs.zapto.org:4000
For general info, visit http://www.tcdbbs.zapto.org

"Bit Twister" wrote:
> On Sun, 12 Dec 2004 15:23:07 -0500, Conner Destron wrote:
>> "J.O. Aho" wrote:
>>>
>>> Edit your /etc/xinetd.d/kr5 (or what the kerberos service config file
>>> may
>>> be called) and add between the { }
>>> port = 2431
>>
>> Ok, once that's done do I need to do anything other than 'telinit 5' to
>> make
>> the change take effect?
>
> any change in /etc/xinetd.d can be reloaded with
> service xinetd reload
>
> or running the /etc/init.d/xinetd script.

ok, cool, thank you.
-=Conner=-

--
Visit The Castle's Dungeon BBS at telnet://tcdbbs.zapto.org for some family
fun in a medieval setting, or come test your mettle in the Land of Legends,
our MUD, at telnet://tcdbbs.zapto.org:4000
For general info, visit http://www.tcdbbs.zapto.org

If KR5 uses xinetd or inetd, then you can set port= in it's conf file
(make sure that /etc/services matches if present). If the program is
run as a daemon, then try doing a man kr5-telnet to see what switches
you need to provide it.

Personally, I'd just download Putty and use SSH from the laptop. Much
more secure than exposing telnet to the internet (hint, hint).

-Chris



On Sun, 12 Dec 2004 04:08:08 -0500, "Conner Destron" <(E-Mail Removed)>
wrote:

>How would I go about configuring my xinetd's kr5-telnet server on my red hat
>Linux 8.0 box to respond to a port other than the standard port 23? (As you
>can see from my signature file below, I've already got port 23 on my network
>being answered by a different machine.)
>
>I'm getting ready to take a trip and will need to be able to remotely access
>my machine while gone, but my laptop doesn't have a SSH client on it. My
>firewall already blocks or forwards all the ports that I might use except
>for an odd one that I have open for another service that will not be running
>during this time. Any help on this will be greatly appreciated. (I did check
>the man pages and info pages without luck, though I don't mind reading them
>if someone can point me to one that will answer this.) You may also be able
>to tell by now that I'm fairly new at Linux, if you need more info to be
>able to answer this, please let me know.
>
>I apologize for the cross-posting, but I'm hoping that by including a single
>newsgroup for follow-up this post may get seen by enough people to get an
>answer for me reasonably quickly while not spamming a bunch of newsgroups,
>if I've done this wrong, I'll take the flames that I know some folks are
>just dying to dish out without complaint.
> -=Conner=-

<(E-Mail Removed)> wrote:
> If KR5 uses xinetd or inetd, then you can set port= in it's conf file
> (make sure that /etc/services matches if present). If the program is
> run as a daemon, then try doing a man kr5-telnet to see what switches
> you need to provide it.
>
> Personally, I'd just download Putty and use SSH from the laptop. Much
> more secure than exposing telnet to the internet (hint, hint).

I did download/install PuTTY and, with instruction from another response,
reconfigured SSH for the port I wanted, but why is opening telnet to the
internet so bad? If you don't know the userid to use or the password to use,
even if you get the right port, you still can't get anywhere with it, can
you?
-=Conner=-

--
Visit The Castle's Dungeon BBS at telnet://tcdbbs.zapto.org for some family
fun in a medieval setting, or come test your mettle in the Land of Legends,
our MUD, at telnet://tcdbbs.zapto.org:4000
For general info, visit http://www.tcdbbs.zapto.org

"Bit Twister" wrote:
> On Sun, 12 Dec 2004 15:23:07 -0500, Conner Destron wrote:
>> "J.O. Aho" wrote:
>>>
>>> Edit your /etc/xinetd.d/kr5 (or what the kerberos service config file
>>> may
>>> be called) and add between the { }
>>> port = 2431
>>
>> Ok, once that's done do I need to do anything other than 'telinit 5' to
>> make
>> the change take effect?
>
> any change in /etc/xinetd.d can be reloaded with
> service xinetd reload
> or running the /etc/init.d/xinetd script.

Ok, thanks for all the help, you and others who've responded have helped
tremendously... I got that answer already from a post in another newsgroup,
which, I suppose, helps explain why the follow-up thing was a waste... I'm
learning, honest. Hopefully one day I'll be the one with enough knowledge
to offer good advice and sound solutions to others.
-=Conner=-

--
Visit The Castle's Dungeon BBS at telnet://tcdbbs.zapto.org for some family
fun in a medieval setting, or come test your mettle in the Land of Legends,
our MUD, at telnet://tcdbbs.zapto.org:4000
For general info, visit http://www.tcdbbs.zapto.org