• Enabling and verifying the telnet service on CentOS 5


    1. Install the telnet service

    [root@localhost ~]# yum install telnet telnet-server

    2. Check that the installation succeeded

    [root@localhost ~]# rpm -qa | grep telnet
    telnet-0.17-38.el5
    telnet-server-0.17-38.el5                                      ##### output like this means the packages are installed

    3. Edit the configuration file to enable the service

    [root@localhost home]# vim /etc/xinetd.d/telnet 
    # default: on
    # description: The telnet server serves telnet sessions; it uses 
    #       unencrypted username/password pairs for authentication.
    service telnet
    {
            flags           = REUSE
            socket_type     = stream
            wait            = no
            user            = root
            server          = /usr/sbin/in.telnetd
            log_on_failure  += USERID
            disable         = no                              ##### "disable" blocks remote telnet; set it to no to enable the service
    }

    [root@localhost xinetd.d]# service  xinetd  restart
    停止 xinetd:                                              [确定]
    启动 xinetd:                                              [确定]



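    4. Stop iptables and SELinux (alternatively, open telnet's port 23 in iptables, as described later)

    5. Test whether the root account can log in over telnet (without extra configuration it usually cannot)

    6. Change the configuration to allow root login

    When a login fails, Linux records the failure in the log at /var/log/secure: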

    Oct 26 08:17:57 localhost login: pam_securetty(remote:auth): access denied: tty 'pts/1' is not secure !
    Oct 26 08:18:01 localhost login: FAILED LOGIN 1 FROM 192.168.165.1 FOR root, Authentication failure

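    The log shows that the login was denied because pts/1 is not in the list of secure terminals.

    We can edit the file and add a virtual terminal entry (pts/1):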

    [root@localhost xinetd.d]# vi /etc/securetty 
    
    console
    vc/1
    vc/2
    vc/3
    vc/4
    vc/5
    vc/6
    vc/7
    vc/8
    vc/9
    vc/10
    vc/11
    tty1
    tty2
    tty3
    tty4
    tty5
    tty6
    tty7
    tty8
    tty9
    tty10
    tty11
    pts/1

    Test again:

    Xshell:> telnet 192.168.165.136
    
    
    Connecting to 192.168.165.136:23...
    Connection established.
    To escape to local shell, press 'Ctrl+Alt+]'.
    CentOS release 5 (Final)
    Kernel 2.6.18-8.el5 on an i686
    login: root
    Password: 
    Last login: Wed Oct 26 08:13:15 from 192.168.165.1
    [root@localhost ~]# 

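    PS: Logging in directly as root is not recommended, because telnet transmits everything in plaintext. Log in as a regular user and then su to root instead.

    7. Configure telnet with the firewall enabled

    Edit the firewall configuration and add a rule that opens telnet's port 23: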

    [root@localhost ~]# vi /etc/sysconfig/iptables
    
    # Firewall configuration written by system-config-securitylevel
    # Manual customization of this file is not recommended.
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :RH-Firewall-1-INPUT - [0:0]
    -A INPUT -j RH-Firewall-1-INPUT
    -A FORWARD -j RH-Firewall-1-INPUT
    -A RH-Firewall-1-INPUT -i lo -j ACCEPT
    -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
    -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
    -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT                   ###### open port 23
    -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
    -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
    COMMIT
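
The script below is an added example, not part of the original post: it audits the three files this walkthrough edits for the settings it introduces (telnet enabled under xinetd, pts entries in /etc/securetty, port 23 accepted in iptables). The function names and the argument order are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): audit the three files this
# walkthrough edits. Function names and argument order are assumptions.

# True if the xinetd service file leaves telnet enabled ("disable = no").
telnet_enabled() {
    sed 's/#.*//' "$1" 2>/dev/null |
        grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*no[[:space:]]*$'
}

# Print every pts/N entry in securetty; each one lets pam_securetty accept
# a root login on that pseudo-terminal, i.e. from a network session.
root_pts_entries() {
    sed -n 's/#.*//; s|^[[:space:]]*\(pts/[0-9][0-9]*\)[[:space:]]*$|\1|p' "$1" 2>/dev/null
}

# True if the saved iptables rules accept TCP connections to port 23
# (matches rules written in the form shown on this page).
port23_open() {
    sed 's/#.*//' "$1" 2>/dev/null |
        grep -Eq -e '^[[:space:]]*-A .*-p tcp .*--dport 23[[:space:]].*-j ACCEPT'
}

# Report each finding; the return status is the number of findings (0-3).
audit_telnet() {  # $1 = xinetd telnet file, $2 = securetty, $3 = iptables rules
    findings=0
    if telnet_enabled "$1"; then
        echo "FINDING: telnet is enabled in $1 (logins cross the network in plaintext)"
        findings=$((findings + 1))
    fi
    pts=$(root_pts_entries "$2" | tr '\n' ' ')
    if [ -n "$pts" ]; then
        echo "FINDING: $2 allows root on pseudo-terminals: $pts"
        findings=$((findings + 1))
    fi
    if port23_open "$3"; then
        echo "FINDING: $3 accepts inbound TCP port 23"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Usage: sh audit_telnet.sh /etc/xinetd.d/telnet /etc/securetty /etc/sysconfig/iptables
if [ "$#" -eq 3 ]; then
    audit_telnet "$@"
fi
```

An exit status of 0 means none of the three settings from this walkthrough are present in the files checked.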
  • Original article: https://www.cnblogs.com/liutao97/p/5998886.html