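Causes of failure:
1. The telnet package is not installed. Check whether the telnet package is installed:
[root@vm-rhel root]# rpm -qa telnet
telnet-0.17-25
This output indicates that it is installed.
2. The telnet package is installed but telnet-server is not. Check whether the telnet-server package is installed:
[root@vm-rhel root]# rpm -qa telnet-server
telnet-server-0.17-25
This output indicates that it is installed.
3. telnet setup problem: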
[root@vm-rhel root]# cat /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses
#    unencrypted username/password pairs for authentication.
service telnet
{
    flags        = REUSE
    socket_type    = stream
    wait        = no
    user        = root
    server        = /usr/sbin/in.telnetd
    log_on_failure    += USERID
    disable        = yes
}
Change the value of disable to no, or comment out that line, and restart the xinetd daemon: service xinetd restart.
[root@vm-rhel root]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination
ACCEPT udp -- 192.168.1.1 anywhere udp spt:domain dpts:1025:65535
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:telnet flags:SYN,RST,ACK/SYN
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT tcp -- anywhere anywhere tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:nfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:nfs reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:xfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
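This output indicates that the firewall is not turned off. If the firewall is already turned off, there is no need to add the following rule to the /etc/sysconfig/iptables configuration file:
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 23 --syn -j ACCEPT
Stop the firewall: service iptables stop (does not persist across a reboot: the firewall starts automatically at boot)
Start the firewall: service iptables start
Restart the firewall: service iptables restart
Disable automatic firewall startup at boot: chkconfig iptables off
5. By default, Linux does not allow the root user to log in to a Linux host via telnet. To allow root to log in, one of the following 3 methods can be used:
  (1) Modify the /etc/pam.d/login configuration file
      RedHat Linux's login restriction is implemented in the /etc/pam.d/login file; commenting out the restricting entry is enough.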
[root@vm-rhel root]# cat /etc/pam.d/login
#%PAM-1.0
auth       required    pam_securetty.so
auth       required    pam_stack.so service=system-auth
#auth       required    pam_nologin.so
account    required    pam_stack.so service=system-auth
password   required    pam_stack.so service=system-auth
session    required    pam_stack.so service=system-auth
session    optional    pam_console.so
  (2) Remove the /etc/securetty file
      The verification rule is set in the /etc/securetty file, which specifies that the root user can only log in on terminals tty1-tty6. Removing this file or renaming it bypasses the verification rule, which allows the root user to log in to the Linux host remotely via telnet.
[root@vm-rhel root]# mv /etc/securetty /etc/securetty.bak
  (3) Log in as a normal user first, then switch to the root user
[bboss@vm-rhel bboss]$ su root
Password:
[root@vm-rhel bboss]#
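The settings changed above, checked from the audit side in an added example that is not part of the original page: it reports when telnet is enabled in xinetd, when pam_securetty.so is no longer enforced in the PAM login file, and when /etc/securetty is missing. The function names are hypothetical, and the demo runs on constructed files rather than the live system.

```shell
#!/bin/sh
# Added example (not from the original page): audit the three settings the
# page changes. File paths are arguments so copies can be checked offline.

# Print "enabled" or "disabled" for one xinetd service file. Simplification:
# only an active "disable = yes" line counts as disabled; the global defaults
# section of xinetd.conf is not consulted.
xinetd_state() {
    awk -F'=' '
        /^[ \t]*#/ { next }
        { k = $1; v = $2; gsub(/[ \t\r]/, "", k); gsub(/[ \t\r]/, "", v) }
        k == "disable" { state = tolower(v) }
        END { print ((state == "yes") ? "disabled" : "enabled") }
    ' "$1"
}

# Succeed when an uncommented auth line still loads pam_securetty.so.
pam_securetty_active() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+[^#]*pam_securetty\.so' "$1"
}

# audit_telnet XINETD_FILE PAM_LOGIN_FILE SECURETTY_FILE
# Prints one FINDING line per weakened setting, or OK when none is found.
audit_telnet() {
    found=0
    if [ -f "$1" ] && [ "$(xinetd_state "$1")" = enabled ]; then
        echo "FINDING: telnet enabled in $1 (credentials cross the network unencrypted)"
        found=1
    fi
    if [ -f "$2" ] && ! pam_securetty_active "$2"; then
        echo "FINDING: pam_securetty.so not enforced in $2"
        found=1
    fi
    if [ ! -f "$3" ]; then
        echo "FINDING: $3 missing, root is not limited to the listed terminals"
        found=1
    fi
    [ "$found" -eq 1 ] || echo "OK: no weakened telnet/root-login settings found"
}

# Demo on constructed files that mirror the weakened state the page produces.
demo() {
    d=$(mktemp -d)
    printf 'service telnet\n{\n\tdisable = no\n}\n' > "$d/telnet"
    printf '#auth required pam_securetty.so\n' > "$d/login"
    audit_telnet "$d/telnet" "$d/login" "$d/securetty"
    rm -rf "$d"
}
demo
```

On a real host the call would be audit_telnet /etc/xinetd.d/telnet /etc/pam.d/login /etc/securetty, using the paths named on this page.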