SECURITY
Out of the box, your Linux system is set for very high security:
even if you want to make services available to other machines,
no other machine can connect to yours. The default configuration
assumes the most hazardous environment, that of a casual user
connected directly to the Internet.
Getting (controlled) access
We'll address two scenarios. In the first we look at the most
common case, a machine exposed to the Internet without the
benefit of a firewall. In the second, we consider a machine on
a network protected by a firewall.
Exposed to the Internet
Your machine has its own firewall installed, and it's set
to nearly the highest level of security. The purpose is to
keep crackers (the media calls them "hackers") out of your
machine. There are known exploits of some services that can
allow the intruder to become "root", after which he can install
software that breaks into other machines, sniffs your passwords
and credit card numbers, and does other nefarious deeds.
Forget about allowing telnet into your machine, and think
carefully about allowing ftp. Telnet is a major security
hole primarily because passwords are sent in the clear, and
anyone sniffing your network can read them.
You probably already have a capability similar to telnet
installed, called Secure SHell (SSH). To start it up, run (as root)
To have it come up automatically at boot time, run
If using the GUI, click on System->Administration->Services.
Now, you still have your firewall to deal with. Run
system-config-security
from the command line, or click System->Administration->Firewall if
using a window manager (this example is from Gnome on Fedora 13),
and follow the options shown.
You will want a Secure SHell client for your Windoze boxes.
There are several software packages available; many are freeware
or shareware. I recommend PuTTY.
As far as ftp is concerned, you may not need it. SSH includes
scp (secure copy) and sftp (secure ftp).
If you must have ftp, you probably have vsftp (Very Secure FTP)
installed. It's fine. Just turn it on.
Isolated from the Internet
If your network is behind a good firewall, then you can
open up whatever services you want, if you trust the others
on the network. First you will want to turn off the firewall.
Use system-config-security to set things to "no firewall". Then
use ntsysv to enable whatever services you want.
That said, I wasn't kidding about trusting others on your
network. I still recommend using SSH to connect to your machine
because it is secure and just as easy as telnet, in fact
easier if you set things up right. Read up on "ssh-agent".
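Whichever scenario applies, it is worth checking which services ntsysv (or chkconfig) has left enabled. The script below is an added example, not part of Bob McClure's original page: it reads `chkconfig --list` output (the Fedora 13 SysV and xinetd listing format) and flags enabled services that send passwords in the clear, while confirming sshd is on at the multi-user runlevels. The sample listing is constructed so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the original page. Audits `chkconfig --list`
# output for cleartext-password services and checks that sshd is enabled
# at runlevels 3 and 5. On a real Fedora 13 box you would run:
#   chkconfig --list | audit_services

# Services the page says to forget about (passwords cross the wire in clear).
RISK_SERVICES='telnet rsh rlogin rexec'
# Services the page says to think carefully about (plain ftp daemons).
WARN_SERVICES='ftp vsftpd gssftp'

# audit_services: reads chkconfig --list output on stdin and prints one
# finding per line: "RISK <name>", "WARN <name>", then "OK sshd" or
# "MISSING sshd".
audit_services() {
    awk -v risk="$RISK_SERVICES" -v warn="$WARN_SERVICES" '
    BEGIN {
        n = split(risk, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1
        n = split(warn, a, " "); for (i = 1; i <= n; i++) iffy[a[i]] = 1
        ssh_ok = 0
    }
    /^xinetd based services:/ { xinetd = 1; next }
    # SysV init entries: "name  0:off 1:off 2:on 3:on 4:on 5:on 6:off"
    !xinetd && NF >= 7 {
        on = 0
        for (i = 2; i <= NF; i++) if ($i == "3:on" || $i == "5:on") on = 1
        if ($1 == "sshd" && on) ssh_ok = 1
        else if (on && ($1 in bad)) print "RISK " $1
        else if (on && ($1 in iffy)) print "WARN " $1
        next
    }
    # xinetd entries: "        telnet:    on"
    xinetd && NF == 2 {
        name = $1; sub(/:$/, "", name)
        if ($2 == "on" && (name in bad)) print "RISK " name
        else if ($2 == "on" && (name in iffy)) print "WARN " name
    }
    END { print (ssh_ok ? "OK sshd" : "MISSING sshd") }
    '
}

# Constructed sample listing (not captured from a real machine).
SAMPLE='sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
vsftpd          0:off   1:off   2:off   3:on    4:off   5:on    6:off
xinetd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
xinetd based services:
        telnet:         on
        rsync:          off'

printf '%s\n' "$SAMPLE" | audit_services
```

For the sample above it reports the xinetd telnet service as RISK, vsftpd as WARN, and sshd as OK.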
~ Bob McClure