在centos5开启telnet服务并验证

2022-03-02 08:45:05

1.安装telnet服务

[root@localhost ~]# yum install telnet

2.检查是否成功安装

[root@localhost ~]# rpm -qa | grep telnet

telnet-0.17-.el5

telnet-server-0.17-.el5                                      #####有显示就是正确的

3.修改文件开启服务

[root@localhost home]# vim /etc/xinetd.d/telnet

# default: on

# description: The telnet server serves telnet sessions; it uses \

#       unencrypted username/password pairs for authentication.

service telnet

{

        flags           = REUSE

        socket_type     = stream

        wait            = no

        user            = root

        server          = /usr/sbin/in.telnetd

        log_on_failure  += USERID

        disable         = no                              #####是指禁止远方telnet,改为no就是启动

}

[root@localhost xinetd.d]# service  xinetd  restart
停止 xinetd:                                              [确定]
启动 xinetd:                                              [确定]

4.停止iptables、seliunx(可以在iptables中开启telnet的23端口,后面有介绍)

5.测试能否能用root账户telnet(若没配置一般是不行的)

6.修改配置使root登陆

当我们失败后,linux是会记录下失败记录作为日志在/var/log/secure

Oct  :: localhost login: pam_securetty(remote:auth): access denied: tty 'pts/1' is not secure !

Oct  :: localhost login: FAILED LOGIN  FROM 192.168.165.1 FOR root, Authentication failure

可以看到没有pts/1所以被拒绝了

我们可以在修改添加一个虚拟线程

[root@localhost xinetd.d]# vi /etc/securetty 

console

vc/

vc/

vc/

vc/

vc/

vc/

vc/

vc/

vc/

vc/

vc/

tty1

tty2

tty3

tty4

tty5

tty6

tty7

tty8

tty9

tty10

tty11

pts/

再次测试

Xshell:\> telnet 192.168.165.136

Connecting to 192.168.165.136:...

Connection established.

To escape to local shell, press 'Ctrl+Alt+]'.

CentOS release  (Final)

Kernel 2.6.-.el5 on an i686

login: root

Password:

Last login: Wed Oct  :: from 192.168.165.1

[root@localhost ~]#

ps:不建议直接用root登陆,因为telnet是明文传输。建议用一个普通用户登录然后su到root用户权限

7.在有防火墙的情况下配置telnet

修改防火墙配置,添加一条开发telnet的23号端口

[root@localhost ~]# vi /etc/sysconfig/iptables

# Firewall configuration written by system-config-securitylevel

# Manual customization of this file is not recommended.

*filter

:INPUT ACCEPT [:]

:FORWARD ACCEPT [:]

:OUTPUT ACCEPT [:]

:RH-Firewall--INPUT - [:]

-A INPUT -j RH-Firewall--INPUT

-A FORWARD -j RH-Firewall--INPUT

-A RH-Firewall--INPUT -i lo -j ACCEPT

-A RH-Firewall--INPUT -p icmp --icmp-type any -j ACCEPT

-A RH-Firewall--INPUT -p  -j ACCEPT

-A RH-Firewall--INPUT -p  -j ACCEPT

-A RH-Firewall--INPUT -m state --state NEW -m tcp -p tcp --dport  -j ACCEPT                   ######开放23号端口
-A RH-Firewall--INPUT -p udp --dport  -d 224.0.0.251 -j ACCEPT

-A RH-Firewall--INPUT -p udp -m udp --dport  -j ACCEPT

-A RH-Firewall--INPUT -p tcp -m tcp --dport  -j ACCEPT

-A RH-Firewall--INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A RH-Firewall--INPUT -m state --state NEW -m tcp -p tcp --dport  -j ACCEPT

-A RH-Firewall--INPUT -j REJECT --reject-with icmp-host-prohibited

COMMIT

~

~
上一篇:jmeter测试报告分析


下一篇:jmeter性能指标