Users often need to get their files from remote locations. The files that an engineer has on his laptop may not be the configuration files he needs to solve a client s problem. Linux provides a selection of different remote access services. Many of them are part of the Extended Internet Services Daemon, xinetd .
The xinetd daemon controls access to and starts various services on demand. Access is controlled through /etc/xinetd.conf and individual service files in the /etc/xinetd.d directory. New xinetd services are disabled by default. Three major xinetd remote access services are FTP, Telnet, and RSH.
Access to xinetd services is controlled through TCP Wrappers, which depends on configuration commands in /etc/ hosts .allow and /etc/hosts.deny . You can configure commands for specific services, addressing specific computers or networks. When there is a match, you can also set these commands to run shell commands that might send you a warning or send the information to a log file.
One alternative service that encrypts remote communication is the Secure Shell (SSH). The various openssh-* RPM packages allow you to use RSA or DSA encryption for network communication. With this type of public/private key system, it is important for you to protect your private key with a passphrase. You can use SSH commands to open your account on remote computers, or even connect securely to a SSH-enabled FTP server.
Troubleshooting remote access issues can be problematic , because there is a wide range of available firewalls. A service might not be installed or active. Many services have their own security- related configuration files, and you ll need to check those files. You can protect xinetd services through /etc/hosts.allow and /etc/hosts.deny . And of course, you can configure firewalls with iptables .
In Chapter 24 , we ll look at detailed configuration requirements for two major Linux servers and their clients : the Domain Name Service (DNS) and the Dynamic Host Configuration Protocol (DHCP).