在centos5开启telnet服务并验证
1.安装telnet服务
[root@localhost ~]# yum install telnet
2.检查是否成功安装
[root@localhost ~]# rpm -qa | grep telnet telnet-0.17-38.el5 telnet-server-0.17-38.el5 #####有显示就是正确的
3.修改文件开启服务
[root@localhost home]# vim /etc/xinetd.d/telnet # default: on # description: The telnet server serves telnet sessions; it uses \ # unencrypted username/password pairs for authentication. service telnet { flags = REUSE socket_type = stream wait = no user = root server = /usr/sbin/in.telnetd log_on_failure += USERID disable = no #####是指禁止远方telnet,改为no就是启动 }
[root@localhost xinetd.d]# service xinetd restart
停止 xinetd: [确定]
启动 xinetd: [确定]
4.停止iptables、seliunx(可以在iptables中开启telnet的23端口,后面有介绍)
5.测试能否能用root账户telnet(若没配置一般是不行的)
6.修改配置使root登陆
当我们失败后,linux是会记录下失败记录作为日志在/var/log/secure
Oct 26 08:17:57 localhost login: pam_securetty(remote:auth): access denied: tty 'pts/1' is not secure ! Oct 26 08:18:01 localhost login: FAILED LOGIN 1 FROM 192.168.165.1 FOR root, Authentication failure
可以看到没有pts/1所以被拒绝了
我们可以在修改添加一个虚拟线程
[root@localhost xinetd.d]# vi /etc/securetty console vc/1 vc/2 vc/3 vc/4 vc/5 vc/6 vc/7 vc/8 vc/9 vc/10 vc/11 tty1 tty2 tty3 tty4 tty5 tty6 tty7 tty8 tty9 tty10 tty11 pts/1
再次测试
Xshell:\> telnet 192.168.165.136 Connecting to 192.168.165.136:23... Connection established. To escape to local shell, press 'Ctrl+Alt+]'. CentOS release 5 (Final) Kernel 2.6.18-8.el5 on an i686 login: root Password: Last login: Wed Oct 26 08:13:15 from 192.168.165.1 [root@localhost ~]#
ps:不建议直接用root登陆,因为telnet是明文传输。建议用一个普通用户登录然后su到root用户权限
7.在有防火墙的情况下配置telnet
修改防火墙配置,添加一条开发telnet的23号端口
[root@localhost ~]# vi /etc/sysconfig/iptables # Firewall configuration written by system-config-securitylevel # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT -A RH-Firewall-1-INPUT -p 50 -j ACCEPT -A RH-Firewall-1-INPUT -p 51 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT ######开放23号端口
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited COMMIT ~ ~