首頁  >  文章  >  運維  >  關於telnet到RedHat Linux失敗的解決方法詳解

關於telnet到RedHat Linux失敗的解決方法詳解

黄舟
黄舟原創
2017-06-05 10:10:002125瀏覽

失敗原因:

1.telnet套件未安裝,檢查telnet套件是否已安裝:  

[root@vm-rhel root]# rpm -qa telnet
 telnet-0.17-25

 表示已安裝

 2.telnet套件已安裝,telnet-server未安裝,檢查telnet-server套件是否安裝:

[root@vm-rhel root]# rpm -qa telnet-server
 telnet-server-0.17-25

 表示已安裝

 3.telnet#設定檔問題:

[root@vm-rhel root]# cat /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
#    unencrypted username/password pairs for authentication.
service telnet
{
    flags        = REUSE
    socket_type    = stream        
    wait        = no
    user        = root
    server        = /usr/sbin/in.telnetd
    log_on_failure    += USERID
    disable        = yes 
}

將disable對應的值修改為no或註解該行並重啟xinetd守護程式:service xinetd restart。

4.Linux防火牆原因,查看防火牆狀態

[root@vm-rhel root]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
target prot opt source destination 
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination 
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination 
ACCEPT udp -- 192.168.1.1 anywhere udp spt:domain dpts:1025:65535 
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp flags:SYN,RST,ACK/SYN 
ACCEPT tcp -- anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN 
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp flags:SYN,RST,ACK/SYN 
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN 
ACCEPT tcp -- anywhere anywhere tcp dpt:telnet flags:SYN,RST,ACK/SYN 
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc 
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc 
ACCEPT all -- anywhere anywhere 
ACCEPT all -- anywhere anywhere 
REJECT tcp -- anywhere anywhere tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable 
REJECT tcp -- anywhere anywhere tcp dpt:nfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable 
REJECT udp -- anywhere anywhere udp dpts:0:1023 reject-with icmp-port-unreachable 
REJECT udp -- anywhere anywhere udp dpt:nfs reject-with icmp-port-unreachable 
REJECT tcp -- anywhere anywhere tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable 
REJECT tcp -- anywhere anywhere tcp dpt:xfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable

表示未關閉,如果防火牆已關閉,則不需要在/etc /sysconfig/iptables設定檔中新增:-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 23 --syn -j ACCEPT。

關閉防火牆:service iptables stop (重新啟動後失效:防火牆開機自動啟動)

啟動防火牆:service iptables start

#重啟防火牆: service iptables restart

禁止防火牆開機自動啟動:chkconfig iptables off

5.預設情況下Linux不允許root使用者以telnet方式登入Linux主機,若要允許root使用者登入可採用以下3方法:

  (1)修改/etc/pam.d/login設定檔

         RedHat Linux對於遠端登入的限制體現在/etc/pam.d/login檔中,把限制內容註解即可。

[root@vm-rhel root]# cat /etc/pam.d/login#%PAM-1.0auth       required    pam_securetty.so
auth       required    pam_stack.so service=system-auth
#auth       required    pam_nologin.so
account    required    pam_stack.so service=system-auth
password   required    pam_stack.so service=system-auth
session    required    pam_stack.so service=system-auth
session    optional    pam_console.so

 (2)移除/etc/securetty資料夾

          驗證規則設定在/etc/securetty檔案中,定義了root使用者只能在tty1-tty6的終端機上記錄,刪除該檔案或將其改名即可避開驗證規則從而實現root使用者以telnet方式遠端登入Linux主機。

[root@vm-rhel root]# mv /etc/securetty /etc/securetty.bak

  (3)先用一般使用者登錄,再切換到root使用者

[bboss@vm-rhel bboss]$ su root
Password: 
[root@vm-rhel bboss]#

 

#

以上是關於telnet到RedHat Linux失敗的解決方法詳解的詳細內容。更多資訊請關注PHP中文網其他相關文章!

陳述:
本文內容由網友自願投稿,版權歸原作者所有。本站不承擔相應的法律責任。如發現涉嫌抄襲或侵權的內容,請聯絡admin@php.cn