1. Installing the Telnet service
Yum Install telnet
2. Check whether the installation was successful
grep telnettelnet-0.17-el5telnet-server-0.17-El5 # # # # #有显示就是正确的
3. Modify the file opening service
[Email protected] home]# vim/etc/xinetd.d/Telnet # default:on# description:the telnet Server serves Telnet sessions; it uses # unencrypted username/password pairs forAuthentication.service telnet{Flags=Reuse Socket_type=Streamwait=no user=Root server=/usr/sbin/inch. telnetd log_on_failure+=USERID Disable =no # # # # # # # # # # #是指禁止远方telnet, start}
[Email protected] xinetd.d]# service xinetd restart
Stop xinetd: [OK]
Start xinetd: [OK]
4. Stop Iptables, Seliunx (23 ports can be opened in iptables, followed by introduction)
5. Test whether the root account can be Telnet (if not configured generally is not possible)
6. Modify the configuration to make root login
When we fail, Linux is logged the failed record as a log in /var/log/secure
- : £º +login'pts/1' is not secure! : £ ºlogin1192.168. 165.1 for root, authentication failure
You can see there's no pts/1, so I was rejected.
We can add a virtual thread in the modification
[Email protected] xinetd.d]#VI/etc/Securetty CONSOLEVC/1VC/2VC/3VC/4VC/5VC/6VC/7VC/8VC/9VC/TenVC/ Onetty1tty2tty3tty4tty5tty6tty7tty8tty9tty10tty11pts /1
Test again
xshell:\> Telnet192.168.165.136connecting to192.168.165.136: at... Connection established. To escape to local shell, Press'ctrl+alt+]'. CentOS Release5(Final) Kernel2.6. --8. El5 on an i686Login: Rootpassword:lastLogin: Wed Oct - ,: -: theFrom192.168.165.1[[Email protected]~]#
PS: It is not recommended to log in directly with root because Telnet is transmitted in plaintext. It is recommended to log in with a regular user and then SU to root user rights
7. Configure Telnet in the case of a firewall
Modify the firewall configuration to add a port number 23rd that is developing Telnet
[[email protected] ~]# VI /etc/sysconfig/ iptables# Firewall configuration written by System-config-securitylevel# Manual Customization of thisfileis not recommended.*filter:input ACCEPT [0:0]:forward ACCEPT [0:0]:output ACCEPT [0:0]:RH-firewall-1-input-[0:0]-A input-j rh-firewall-1-INPUT-A forward-j rh-firewall-1-INPUT-A rh-firewall-1-input-i Lo-J ACCEPT-A rh-firewall-1-input-p ICMP--icmp-type any-J ACCEPT-A rh-firewall-1-input-p --J ACCEPT-A rh-firewall-1-input-pWuyi-J ACCEPT-A rh-firewall-1-input-m State--state new-m tcp-p TCP--dport -J ACCEPT ##### #开放23号端口
-A rh-firewall-1-input-p UDP--dport5353-D224.0.0.251-J ACCEPT-A rh-firewall-1-input-p udp-m UDP--dport631-J ACCEPT-A rh-firewall-1-input-p tcp-m TCP--dport631-J ACCEPT-A rh-firewall-1-input-m State--state established,related-J ACCEPT-A rh-firewall-1-input-m State--state new-m tcp-p TCP--dport A-J ACCEPT-A rh-firewall-1-input-j REJECT--reject-with icmp-host-Prohibitedcommit~ ~
Turn on the Telnet service in CENTOS5 and verify