失败原因:

波折原因:

telnet到RedHat Linux失利–化解办法,telnetredhat

曲折原因:

1.telnet包未安装,检查telnet包是否安装:  

[[email protected] root]# rpm -qa telnet
 telnet-0.17-25

 表示已安装

 2.telnet包已设置,telnet-server未安装,检查telnet-server包是还是不是安装: 

[[email protected] root]# rpm -qa telnet-server
 telnet-server-0.17-25

 表示已设置

 3.telnet配置文件难点:

[[email protected] root]# cat /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
#    unencrypted username/password pairs for authentication.
service telnet
{
    flags        = REUSE
    socket_type    = stream        
    wait        = no
    user        = root
    server        = /usr/sbin/in.telnetd
    log_on_failure    += USERID
    disable        = yes 
}

将disable对应的值修改为no可能注释该行一碗水端平启xinetd守护进度:service
xinetd restart。

4.Linux防火墙原因,查看防火墙状态:

[[email protected]
root]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
target prot opt source destination 
RH-Lokkit-0-50-INPUT all — anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination 
RH-Lokkit-0-50-INPUT all — anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination 
ACCEPT udp — 192.168.1.1 anywhere udp spt:domain dpts:1025:65535 
ACCEPT tcp — anywhere anywhere tcp dpt:smtp flags:SYN,RST,ACK/SYN 
ACCEPT tcp — anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN 
Linux退步消除办法,消除办法。ACCEPT tcp — anywhere anywhere tcp dpt:ftp flags:SYN,RST,ACK/SYN 
ACCEPT tcp — anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN 
ACCEPT tcp — anywhere anywhere tcp dpt:telnet flags:SYN,RST,ACK/SYN 
ACCEPT udp — anywhere anywhere udp spts:bootps:bootpc
dpts:bootps:bootpc 
ACCEPT udp — anywhere anywhere udp spts:bootps:bootpc
dpts:bootps:bootpc 
ACCEPT all — anywhere anywhere 
ACCEPT all — anywhere anywhere 
REJECT tcp — anywhere anywhere tcp dpts:0:1023 flags:SYN,RST,ACK/SYN
reject-with icmp-port-unreachable 
REJECT tcp — anywhere anywhere tcp dpt:nfs flags:SYN,RST,ACK/SYN
reject-with icmp-port-unreachable 
REJECT udp — anywhere anywhere udp dpts:0:1023 reject-with
icmp-port-unreachable 
REJECT udp — anywhere anywhere udp dpt:nfs reject-with
icmp-port-unreachable 
REJECT tcp — anywhere anywhere tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN
reject-with icmp-port-unreachable 
REJECT tcp — anywhere anywhere tcp dpt:xfs flags:SYN,RST,ACK/SYN
reject-with icmp-port-unreachable

意味着未关门,借使防火墙已关闭,则不需求在/etc/sysconfig/iptables配置文件中添加:-A
奥迪Q5H-Lokkit-0-50-INPUT -p tcp -m tcp –dport 23 –syn -j ACCEPT。

关门防火墙:service iptables stop (重启后失效:防火墙开机自动运转)

运营防火墙:service iptables start

重启防火墙:service iptables restart

禁绝防火墙开机自动运行:chkconfig iptables off

5.暗中认可景况下Linux不相同意root用户以telnet格局登录Linux主机,若要允许root用户登录可应用以下3中方法:

  (1)修改/etc/pam.d/login配置文件

         RedHat
Linux对于远程登录的限定映今后/etc/pam.d/login文件中,把范围内容注释即可。

[[email protected] root]# cat /etc/pam.d/login
#%PAM-1.0
auth       required    pam_securetty.so
auth       required    pam_stack.so service=system-auth
#auth       required    pam_nologin.so
account    required    pam_stack.so service=system-auth
password   required    pam_stack.so service=system-auth
session    required    pam_stack.so service=system-auth
session    optional    pam_console.so

  (2)移除/etc/securetty文件夹

         
验证规则设置在/etc/securetty文件中,该公文定义了root用户只可以在tty1-tty6的极限上记录,删除该文件或将其改名即可规避验证规则从而实现root用户以telnet形式远程登录Linux主机。

[[email protected] root]# mv /etc/securetty /etc/securetty.bak

  (3)先用普通用户登录,然后切换来root用户

[[email protected] bboss]$ su root
Password: 
[[email protected] bboss]# 

 

Linux战败–解决办法,telnetredhat
失败原因: 1.telnet包未安装,检查telnet包是还是不是安装:
[[email protected]
root]# rpm – qa telnet telnet-0.17-25 表…

telnet到RedHat
Linux失败原因:

1.telnet包未设置,检查telnet包是或不是安装:  

1.telnet包未安装,检查telnet包是还是不是安装:  

1.telnet包未安装,检查telnet包是否安装: 

[root@vm-rhel root]# rpm -qa telnet
 telnet-0.17-25
[root@vm-rhel root]# rpm -qa telnet
 telnet-0.17-25

[root@vm-rhel root]# rpm -qa telnet
 telnet-0.17-25

 表示已设置

 表示已安装

 表示已安装

 2.telnet包已安装,telnet-server未安装,检查telnet-server包是或不是安装: 

 2.telnet包已设置,telnet-server未安装,检查telnet-server包是不是安装: 

 2.telnet包已设置,telnet-server未安装,检查telnet-server包是不是安装:

[root@vm-rhel root]# rpm -qa telnet-server
 telnet-server-0.17-25
[root@vm-rhel root]# rpm -qa telnet-server
 telnet-server-0.17-25

[root@vm-rhel root]# rpm -qa telnet-server
 telnet-server-0.17-25

 表示已设置

 表示已设置

 表示已安装

 3.telnet配置文件难题:

 3.telnet配置文件问题:

 3.telnet配置文件难点:

[root@vm-rhel root]# cat /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
#    unencrypted username/password pairs for authentication.
service telnet
{
    flags        = REUSE
    socket_type    = stream        
    wait        = no
    user        = root
    server        = /usr/sbin/in.telnetd
    log_on_failure    += USERID
    disable        = yes 
}
[root@vm-rhel root]# cat /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
#    unencrypted username/password pairs for authentication.
service telnet
{
    flags        = REUSE
    socket_type    = stream        
    wait        = no
    user        = root
    server        = /usr/sbin/in.telnetd
    log_on_failure    += USERID
    disable        = yes 
}

[root@vm-rhel root]# cat /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
#    unencrypted username/password pairs for authentication.
service telnet
{
    flags        = REUSE
    socket_type    = stream       
    wait        = no
    user        = root
    server        = /usr/sbin/in.telnetd
    log_on_failure    += USERID
    disable        = yes
}

将disable对应的值修改为no恐怕注释该行视同一律启xinetd守护进度:service
xinetd restart。

将disable对应的值修改为no或然注释该行视同一律启xinetd守护进度:service
xinetd restart。

将disable对应的值修改为no或许注释该行相提并论启xinetd守护进度:service
xinetd restart。

4.Linux防火墙原因,查看防火墙状态:

4.Linux防火墙原因,查看防火墙状态:

4.Linux防火墙原因,查看防火墙状态:

[root@vm-rhel root]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
target prot opt source destination 
RH-Lokkit-0-50-INPUT all — anywhere anywhere

[root@vm-rhel root]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
target prot opt source destination 
RH-Lokkit-0-50-INPUT all — anywhere anywhere

[root@vm-rhel root]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all — anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination 
RH-Lokkit-0-50-INPUT all — anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination 
RH-Lokkit-0-50-INPUT all — anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all — anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination 
ACCEPT udp — 192.168.1.1 anywhere udp spt:domain dpts:1025:65535 
ACCEPT tcp — anywhere anywhere tcp dpt:smtp flags:SYN,RST,ACK/SYN 
ACCEPT tcp — anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN 
ACCEPT tcp — anywhere anywhere tcp dpt:ftp flags:SYN,RST,ACK/SYN 
ACCEPT tcp — anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN 
ACCEPT tcp — anywhere anywhere tcp dpt:telnet flags:SYN,RST,ACK/SYN 
ACCEPT udp — anywhere anywhere udp spts:bootps:bootpc
dpts:bootps:bootpc 
ACCEPT udp — anywhere anywhere udp spts:bootps:bootpc
dpts:bootps:bootpc 
ACCEPT all — anywhere anywhere 
ACCEPT all — anywhere anywhere 
REJECT tcp — anywhere anywhere tcp dpts:0:1023 flags:SYN,RST,ACK/SYN
reject-with icmp-port-unreachable 
REJECT tcp — anywhere anywhere tcp dpt:nfs flags:SYN,RST,ACK/SYN
reject-with icmp-port-unreachable 
REJECT udp — anywhere anywhere udp dpts:0:1023 reject-with
icmp-port-unreachable 
REJECT udp — anywhere anywhere udp dpt:nfs reject-with
icmp-port-unreachable 
REJECT tcp — anywhere anywhere tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN
reject-with icmp-port-unreachable 
REJECT tcp — anywhere anywhere tcp dpt:xfs flags:SYN,RST,ACK/SYN
reject-with icmp-port-unreachable

Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination 
ACCEPT udp — 192.168.1.1 anywhere udp spt:domain dpts:1025:65535 
ACCEPT tcp — anywhere anywhere tcp dpt:smtp flags:SYN,RST,ACK/SYN 
ACCEPT tcp — anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN 
ACCEPT tcp — anywhere anywhere tcp dpt:ftp flags:SYN,RST,ACK/SYN 
ACCEPT tcp — anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN 
ACCEPT tcp — anywhere anywhere tcp dpt:telnet flags:SYN,RST,ACK/SYN 
ACCEPT udp — anywhere anywhere udp spts:bootps:bootpc
dpts:bootps:bootpc 
ACCEPT udp — anywhere anywhere udp spts:bootps:bootpc
dpts:bootps:bootpc 
ACCEPT all — anywhere anywhere 
ACCEPT all — anywhere anywhere 
REJECT tcp — anywhere anywhere tcp dpts:0:1023 flags:SYN,RST,ACK/SYN
reject-with icmp-port-unreachable 
REJECT tcp — anywhere anywhere tcp dpt:nfs flags:SYN,RST,ACK/SYN
reject-with icmp-port-unreachable 
REJECT udp — anywhere anywhere udp dpts:0:1023 reject-with
icmp-port-unreachable 
REJECT udp — anywhere anywhere udp dpt:nfs reject-with
icmp-port-unreachable 
REJECT tcp — anywhere anywhere tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN
reject-with icmp-port-unreachable 
REJECT tcp — anywhere anywhere tcp dpt:xfs flags:SYN,RST,ACK/SYN
reject-with icmp-port-unreachable

Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination
ACCEPT udp — 192.168.1.1 anywhere udp spt:domain dpts:1025:65535
ACCEPT tcp — anywhere anywhere tcp dpt:smtp flags:SYN,RST,ACK/SYN
ACCEPT tcp — anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT tcp — anywhere anywhere tcp dpt:ftp flags:SYN,RST,ACK/SYN
ACCEPT tcp — anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT tcp — anywhere anywhere tcp dpt:telnet flags:SYN,RST,ACK/SYN
ACCEPT udp — anywhere anywhere udp spts:bootps:bootpc
dpts:bootps:bootpc
ACCEPT udp — anywhere anywhere udp spts:bootps:bootpc
dpts:bootps:bootpc
ACCEPT all — anywhere anywhere
ACCEPT all — anywhere anywhere
REJECT tcp — anywhere anywhere tcp dpts:0:1023 flags:SYN,RST,ACK/SYN
reject-with icmp-port-unreachable
REJECT tcp — anywhere anywhere tcp dpt:nfs flags:SYN,RST,ACK/SYN
reject-with icmp-port-unreachable
REJECT udp — anywhere anywhere udp dpts:0:1023 reject-with
icmp-port-unreachable
REJECT udp — anywhere anywhere udp dpt:nfs reject-with
icmp-port-unreachable
REJECT tcp — anywhere anywhere tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN
reject-with icmp-port-unreachable
REJECT tcp — anywhere anywhere tcp dpt:xfs flags:SYN,RST,ACK/SYN
reject-with icmp-port-unreachable

意味着未关门,借使防火墙已关门,则不供给在/etc/sysconfig/iptables配置文件中拉长:-A
PAJEROH-Lokkit-0-50-INPUT -p tcp -m tcp –dport 23 –syn -j ACCEPT。

意味着未关门,假设防火墙已关门,则不要求在/etc/sysconfig/iptables配置文件中充足:-A
EvoqueH-Lokkit-0-50-INPUT -p tcp -m tcp –dport 23 –syn -j ACCEPT。

意味着未关门,要是防火墙已关闭,则不必要在/etc/sysconfig/iptables配置文件中添加:-A
凯雷德H-Lokkit-0-50-INPUT -p tcp -m tcp –dport 23 –syn -j ACCEPT。

关门防火墙:service iptables stop (重启后失效:防火墙开机自动运转)

关门防火墙:service iptables stop (重启后失效:防火墙开机自动运营)

关门防火墙:service iptables stop (重启后失效:防火墙开机自动运转)

启航防火墙:service iptables start

开发银行防火墙:service iptables start

起初防火墙:service iptables start

重启防火墙:service iptables restart

重启防火墙:service iptables restart

重启防火墙:service iptables restart

不准防火墙开机自动运维:chkconfig iptables off

取缔防火墙开机自动运维:chkconfig iptables off

不准防火墙开机自动运营:chkconfig iptables off

5.暗中认可情状下Linux不允许root用户以telnet方式登录Linux主机,若要允许root用户登录可采纳以下3中艺术:

5.暗中认可景况下Linux区别意root用户以telnet情势登录Linux主机,若要允许root用户登录可利用以下3中方法:

5.私下认可情形下Linux不容许root用户以telnet格局登录Linux主机,若要允许root用户登录可利用以下3中方法:

  (1)修改/etc/pam.d/login配置文件

  (1)修改/etc/pam.d/login配置文件

(1)修改/etc/pam.d/login配置文件

         RedHat
Linux对于远程登录的限定呈今后/etc/pam.d/login文件中,把范围内容注释即可。

         RedHat
Linux对于远程登录的限量显示在/etc/pam.d/login文件中,把范围内容注释即可。

RedHat
Linux对于远程登录的限制映现在/etc/pam.d/login文件中,把范围内容注释即可。

[root@vm-rhel root]# cat /etc/pam.d/login
#%PAM-1.0
auth       required    pam_securetty.so
auth       required    pam_stack.so service=system-auth
#auth       required    pam_nologin.so
account    required    pam_stack.so service=system-auth
password   required    pam_stack.so service=system-auth
session    required    pam_stack.so service=system-auth
session    optional    pam_console.so
[root@vm-rhel root]# cat /etc/pam.d/login
#%PAM-1.0
auth       required    pam_securetty.so
auth       required    pam_stack.so service=system-auth
#auth       required    pam_nologin.so
account    required    pam_stack.so service=system-auth
password   required    pam_stack.so service=system-auth
session    required    pam_stack.so service=system-auth
session    optional    pam_console.so

[root@vm-rhel root]# cat /etc/pam.d/login
#%PAM-1.0
auth      required    pam_securetty.so
auth      required    pam_stack.so service=system-auth
#auth      required    pam_nologin.so
account    required    pam_stack.so service=system-auth
password  required    pam_stack.so service=system-auth
session    required    pam_stack.so service=system-auth
session    optional    pam_console.so

  (2)移除/etc/securetty文件夹

  (2)移除/etc/securetty文件夹

(2)移除/etc/securetty文件夹

         
验证规则设置在/etc/securetty文件中,该文件定义了root用户只可以在tty1-tty6的顶峰上记下,删除该公文或将其改名即可规避验证规则从而完毕root用户以telnet情势远程登录Linux主机。

         
验证规则设置在/etc/securetty文件中,该文件定义了root用户只幸亏tty1-tty6的顶峰上记下,删除该公文或将其改名即可规避验证规则从而完结root用户以telnet格局远程登录Linux主机。

表达规则设置在/etc/securetty文件中,该公文定义了root用户只幸而tty1-tty6的顶点上记录,删除该公文或将其改名即可规避验证规则从而实现root用户以telnet情势远程登录Linux主机。

[root@vm-rhel root]# mv /etc/securetty /etc/securetty.bak
[root@vm-rhel root]# mv /etc/securetty /etc/securetty.bak

[root@vm-rhel root]# mv /etc/securetty /etc/securetty.bak

  (3)先用普通用户登录,然后切换来root用户

  (3)先用普通用户登录,然后切换成root用户

(3)先用普通用户登录,然后切换成root用户

[bboss@vm-rhel bboss]$ su root
Password: 
[root@vm-rhel bboss]# 
[bboss@vm-rhel bboss]$ su root
Password: 
[root@vm-rhel bboss]# 

[澳门金沙国际 ,bboss@vm-rhel bboss]$ su root
Password:
[root@vm-rhel bboss]#

 

 

本文永久更新链接地址:http://www.linuxidc.com/Linux/2017-06/144497.htm

澳门金沙国际 1

相关文章