Troubleshooting failed telnet connections to RedHat Linux

Causes of failure:

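1. The telnet package is not installed. Check whether the telnet package is installed:

[root@vm-rhel root]# rpm -qa telnet
telnet-0.17-25

This output means it is installed.

2. The telnet package is installed but telnet-server is not. Check whether the telnet-server package is installed:

[root@vm-rhel root]# rpm -qa telnet-server
telnet-server-0.17-25

This output means it is installed.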

3. telnet configuration problem:

[root@vm-rhel root]# cat /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses
#    unencrypted username/password pairs for authentication.
service telnet
{
    flags           = REUSE
    socket_type     = stream
    wait            = no
    user            = root
    server          = /usr/sbin/in.telnetd
    log_on_failure  += USERID
    disable         = yes
}

Change the value of disable to no, or comment out that line, then restart the xinetd daemon: service xinetd restart.

4. The firewall is the cause. Check the firewall status:

[root@vm-rhel root]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination
ACCEPT udp -- 192.168.1.1 anywhere udp spt:domain dpts:1025:65535
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:telnet flags:SYN,RST,ACK/SYN
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT tcp -- anywhere anywhere tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:nfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:nfs reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:xfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable

This output means the firewall is not turned off. If the firewall is already turned off, there is no need to add the following line to the /etc/sysconfig/iptables configuration file:

-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 23 --syn -j ACCEPT

Stop the firewall: service iptables stop (this is lost after a reboot, because the firewall starts automatically at boot)

Start the firewall: service iptables start

Restart the firewall: service iptables restart

Prevent the firewall from starting automatically at boot: chkconfig iptables off

5. By default, Linux does not allow the root user to log in to a Linux host over telnet. To allow root login, one of the following 3 methods can be used:

(1) Modify the /etc/pam.d/login configuration file

RedHat Linux implements this login restriction in the /etc/pam.d/login file; commenting out the restricting line is enough.

[root@vm-rhel root]# cat /etc/pam.d/login
#%PAM-1.0
auth       required    pam_securetty.so
auth       required    pam_stack.so service=system-auth
#auth       required    pam_nologin.so
account    required    pam_stack.so service=system-auth
password   required    pam_stack.so service=system-auth
session    required    pam_stack.so service=system-auth
session    optional    pam_console.so

(2) Remove the /etc/securetty file

The check is configured in the /etc/securetty file, which specifies that the root user may only log in on terminals tty1-tty6. Deleting or renaming this file bypasses the check, so that root can log in to the Linux host remotely over telnet.

[root@vm-rhel root]# mv /etc/securetty /etc/securetty.bak

(3) Log in as a normal user first, then switch to the root user

[bboss@vm-rhel bboss]$ su root
Password:
[root@vm-rhel bboss]#
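
The following read-only audit script is an added example, not part of the original article: it reports the state of the settings edited in steps 3 and 5 (the xinetd disable line, pam_securetty, and /etc/securetty) without changing anything. The function names xinetd_state, root_tty_state and audit, the script name audit.sh and the sample files it builds when run without arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Usage: sh audit.sh [xinetd_file pam_login_file securetty_file]

# Print "enabled" or "disabled" for an xinetd service file. A missing or
# commented-out "disable" line counts as enabled, matching step 3.
xinetd_state() {
    awk '
        /^[ \t]*#/ { next }                      # ignore comment lines
        /^[ \t]*disable[ \t]*=/ {
            split($0, kv, "=")
            v = kv[2]; gsub(/[ \t\r]/, "", v)
            state = (tolower(v) == "yes") ? "disabled" : "enabled"
        }
        END { print (state == "" ? "enabled" : state) }
    ' "$1"
}

# Print "restricted" when pam_securetty is active in the PAM login file ($1)
# and the securetty file ($2) exists; otherwise "unrestricted" (step 5).
root_tty_state() {
    if [ -f "$2" ] &&
       grep -Eq '^[[:space:]]*auth[[:space:]].*pam_securetty\.so' "$1"; then
        echo restricted
    else
        echo unrestricted
    fi
}

audit() {
    echo "telnet via xinetd:    $(xinetd_state "$1")"
    echo "root tty restriction: $(root_tty_state "$2" "$3")"
    if [ "$(xinetd_state "$1")" = enabled ] &&
       [ "$(root_tty_state "$2" "$3")" = unrestricted ]; then
        echo "WARNING: root can log in over unencrypted telnet"
        return 1
    fi
}

if [ "$#" -eq 3 ]; then
    audit "$1" "$2" "$3"
else
    # Constructed sample input so the script also runs without arguments.
    d=$(mktemp -d)
    printf 'service telnet\n{\n\tuser = root\n\tdisable = yes\n}\n' > "$d/telnet"
    printf '#%%PAM-1.0\nauth required pam_securetty.so\n' > "$d/login"
    : > "$d/securetty"
    audit "$d/telnet" "$d/login" "$d/securetty"
    rm -rf "$d"
fi
```

On a host, run it as sh audit.sh /etc/xinetd.d/telnet /etc/pam.d/login /etc/securetty; a non-zero exit status means telnet is enabled and the root terminal restriction is off.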
