telnet到RedHat Linux战败–消除办法,telnetredhat

telnet到RedHat Linux战败–化解办法,telnetredhat

失败原因:

1.telnet包未安装,检查telnet包是否安装:  

[[email protected] root]# rpm -qa telnet
 telnet-0.17-25

 表示已设置

 2.telnet包已安装,telnet-server未安装,检查telnet-server包是不是安装: 

[[email protected] root]# rpm -qa telnet-server
 telnet-server-0.17-25

 表示已设置

 3.telnet配置文件难点:

[[email protected] root]# cat /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses 
#    unencrypted username/password pairs for authentication.
service telnet
{
    flags        = REUSE
    socket_type    = stream        
    wait        = no
    user        = root
    server        = /usr/sbin/in.telnetd
    log_on_failure    += USERID
    disable        = yes 
}

将disable对应的值修改为no可能注释该行同样重视启xinetd守护进度:service
xinetd restart。

4.Linux防火墙原因,查看防火墙状态:

[[email protected]
root]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
target prot opt source destination 
RH-Lokkit-0-50-INPUT all — anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination 
RH-Lokkit-0-50-INPUT all — anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination 
ACCEPT udp — 192.168.1.1 anywhere udp spt:domain dpts:1025:65535 
ACCEPT tcp — anywhere anywhere tcp dpt:smtp flags:SYN,RST,ACK/SYN 
ACCEPT tcp — anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN 
ACCEPT tcp — anywhere anywhere tcp dpt:ftp flags:SYN,RST,ACK/SYN 
ACCEPT tcp — anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN 
ACCEPT tcp — anywhere anywhere tcp dpt:telnet flags:SYN,RST,ACK/SYN 
ACCEPT udp — anywhere anywhere udp spts:bootps:bootpc
dpts:bootps:bootpc 
ACCEPT udp — anywhere anywhere udp spts:bootps:bootpc
dpts:bootps:bootpc 
ACCEPT all — anywhere anywhere 
telnet到RedHat Linux战败–消除办法,telnetredhat。ACCEPT all — anywhere anywhere 
REJECT tcp — anywhere anywhere tcp dpts:0:1023 flags:SYN,RST,ACK/SYN
reject-with icmp-port-unreachable 
REJECT tcp — anywhere anywhere tcp dpt:nfs flags:SYN,RST,ACK/SYN
reject-with icmp-port-unreachable 
REJECT udp — anywhere anywhere udp dpts:0:1023 reject-with
icmp-port-unreachable 
REJECT udp — anywhere anywhere udp dpt:nfs reject-with
icmp-port-unreachable 
REJECT tcp — anywhere anywhere tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN
reject-with icmp-port-unreachable 
REJECT tcp — anywhere anywhere tcp dpt:xfs flags:SYN,RST,ACK/SYN
reject-with icmp-port-unreachable

表示未关门,假如防火墙已关门,则不要求在/etc/sysconfig/iptables配置文件中拉长:-A
HavalH-Lokkit-0-50-INPUT -p tcp -m tcp –dport 23 –syn -j ACCEPT。

闭馆防火墙:service iptables stop (重启后失效:防火墙开机自动运行卡塔尔国

运维防火墙:service iptables start

重启防火墙:service iptables restart

防止防火墙开机自动运维:chkconfig iptables off

5.默许情状下Linux分化意root客户以telnet形式登陆Linux主机,若要允许root顾客登陆可利用以下3中方法:

  (1)改善/etc/pam.d/login配置文件

         RedHat
Linux对于远程登录的界定体将来/etc/pam.d/login文件中,把范围内容注释就可以。

[[email protected] root]# cat /etc/pam.d/login
#%PAM-1.0
auth       required    pam_securetty.so
auth       required    pam_stack.so service=system-auth
#auth       required    pam_nologin.so
account    required    pam_stack.so service=system-auth
password   required    pam_stack.so service=system-auth
session    required    pam_stack.so service=system-auth
session    optional    pam_console.so

  (2)移除/etc/securetty文件夹

         
验证准绳设置在/etc/securetty文件中,该文件定义了root客商只可以在tty1-tty6的极端上记下,删除该文件或将其改名就能够隐瞒验证法规进而实现root客户以telnet形式远程登陆Linux主机。

[[email protected] root]# mv /etc/securetty /etc/securetty.bak

  (3)先用普通客商登入,然后切换成root顾客

[[email protected] bboss]$ su root
Password: 
[[email protected] bboss]# 

 

Linux退步–解决办法,telnetredhat
失败原因: 1.telnet包未设置,检查telnet包是还是不是安装:
[[email protected]
root]# rpm – qa telnet telnet-0.17-25 表…

发表评论

电子邮件地址不会被公开。 必填项已用*标注