失敗原因: 1.telnet包未安裝,檢查telnet包是否安裝: 表示已安裝 2.telnet包已安裝,telnet-server未安裝,檢查telnet-server包是否安裝: 表示已安裝 3.telnet配置文件問題: 將disable對應的值修改為no或者註釋該行並重啟xinetd守護進程 ...
失敗原因:
1.telnet包未安裝,檢查telnet包是否安裝:
[root@vm-rhel root]# rpm -qa telnet
telnet-0.17-25
表示已安裝
2.telnet包已安裝,telnet-server未安裝,檢查telnet-server包是否安裝:
[root@vm-rhel root]# rpm -qa telnet-server
telnet-server-0.17-25
表示已安裝
3.telnet配置文件問題:
[root@vm-rhel root]# cat /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = yes
}
將disable對應的值修改為no或者註釋該行並重啟xinetd守護進程:service xinetd restart。
4.Linux防火牆原因,查看防火牆狀態:
[root@vm-rhel root]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination
ACCEPT udp -- 192.168.1.1 anywhere udp spt:domain dpts:1025:65535
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:telnet flags:SYN,RST,ACK/SYN
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT tcp -- anywhere anywhere tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:nfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:nfs reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:xfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
表示未關閉,如果防火牆已關閉,則不需要在/etc/sysconfig/iptables配置文件中添加:-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 23 --syn -j ACCEPT。
關閉防火牆:service iptables stop (重啟後失效:防火牆開機自動啟動)
啟動防火牆:service iptables start
重啟防火牆:service iptables restart
禁止防火牆開機自動啟動:chkconfig iptables off
5.預設情況下Linux不允許root用戶以telnet方式登錄Linux主機,若要允許root用戶登錄可採用以下3中方法:
(1)修改/etc/pam.d/login配置文件
RedHat Linux對於遠程登錄的限制體現在/etc/pam.d/login文件中,把限制內容註釋即可。
[root@vm-rhel root]# cat /etc/pam.d/login
#%PAM-1.0
auth required pam_securetty.so
auth required pam_stack.so service=system-auth
#auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session optional pam_console.so
(2)移除/etc/securetty文件夾
驗證規則設置在/etc/securetty文件中,該文件定義了root用戶只能在tty1-tty6的終端上記錄,刪除該文件或將其改名即可避開驗證規則從而實現root用戶以telnet方式遠程登錄Linux主機。
[root@vm-rhel root]# mv /etc/securetty /etc/securetty.bak
(3)先用普通用戶登錄,然後切換到root用戶
[bboss@vm-rhel bboss]$ su root
Password:
[root@vm-rhel bboss]#
