telnet到RedHat Linux失敗原因、解決方法
- PHP中文网原創
- 2017-06-20 09:35:162292瀏覽
失敗原因:
1.telnet套件未安裝,檢查telnet套件是否已安裝:
[root@vm-rhel root]# rpm -qa telnet telnet-0.17-25
表示已安裝
2.telnet套件已安裝,telnet-server未安裝,檢查telnet-server套件是否安裝:
[root@vm-rhel root]# rpm -qa telnet-server telnet-server-0.17-25
表示已安裝
3.telnet配置檔案問題:
[root@vm-rhel root]# cat /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = yes
}將disable對應的值修改為no或註解該行並重新啟動xinetd守護程式:service xinetd restart。
4.Linux防火牆原因,查看防火牆狀態:
<br>
[root@vm-rhel root]# service iptables status<br>Table: filter<br>Chain INPUT ( policy ACCEPT)<br>target prot opt source destination <br>RH-Lokkit-0-50-INPUT all -- anywhere anywhere
<br>
Chain FORWARD (policy ACCEPT)##target protation opt source destination ##RH-Lokkit-0-50-INPUT all -- anywhere anywhere<br>
<br><br>Chain OUTPUT (policy ACCEPT)target prot opt source destination
<br><br>Chain RH-Lokkit-0 -50-INPUT (2 references)target prot opt source destination
ACCEPT udp -- 192.168.1.1 anywhere udp spt:domain dpts:1025:65535 here udp spt:domain dpts:1025:65535 #herm#ACCdh fm#dheddiid ftf :SYN,RST,ACK/SYN <br>ACCEPT tcp -- anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN <br>#ACCEPT tcp -- anywhere anywhere tcp dpt:ftp flags:SYN,RST,ACK /SYN <br>ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN <br>ACCEPT tcp -- anywhere anywhere tcp dpt:telnet flags:SYN,RST,ACK/SYN udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc <br>ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc p -- anywhere anywhere <br>REJECT tcp -- anywhere anywhere tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable <br>REJECT tcp.. anywhere pfidwidy f5; 。 :nfs reject-with icmp-port-unreachable <br>REJECT tcp -- anywhere anywhere tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable <br>JECTECT tcp --wyECT anywhere tcp dpt:xfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable<br><br><br>表示未關閉,如果防火牆已關閉,則不需要在/etc/sysconfig/iptables在設定檔中新增:-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 23 --syn -j ACCEPT。 <br><br>關閉防火牆:service iptables stop (重新啟動後失效:防火牆啟動自動啟動)<br><br>啟動防火牆:service iptables start<br>
重啟防火牆:service iptables restart禁止防火牆開機自動啟動:chkconfig iptables off
5.預設情況下Linux不允許root使用者以telnet方式登入Linux主機,若要允許root使用者登入可採用下列3中方法:
(1)修改/etc/pam.d/login設定檔
RedHat Linux對於遠端登入的限制體現在/etc/pam.d/login檔案中,將限制內容註解即可。
[root@vm-rhel root]# cat /etc/pam.d/login#%PAM-1.0auth required pam_securetty.so auth required pam_stack.so service=system-auth #auth required pam_nologin.so account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth session optional pam_console.so
(2)移除/etc/securetty資料夾
驗證規則設定在/etc/securetty檔案中,定義了root使用者只能在tty1-tty6的終端機上記錄,刪除該檔案或將其改名即可避開驗證規則從而實現root使用者以telnet方式遠端登入Linux主機。
[root@vm-rhel root]# mv /etc/securetty /etc/securetty.bak
[bboss@vm-rhel bboss]$ su root Password: [root@vm-rhel bboss]#
以上是telnet到RedHat Linux失敗原因、解決方法的詳細內容。更多資訊請關注PHP中文網其他相關文章!