telnet到RedHat Linux失敗--解決辦法

標籤：配置   1.0   tab   bin   tables   pam   user   nfs   optional   

失敗原因：

1.telnet包未安裝，檢查telnet包是否安裝：  

[[email protected] root]# rpm -qa telnet telnet-0.17-25

 表示已安裝

 2.telnet包已安裝，telnet-server未安裝，檢查telnet-server包是否安裝： 

[[email protected] root]# rpm -qa telnet-server telnet-server-0.17-25

 表示已安裝

 3.telnet設定檔問題：

[[email protected] root]# cat /etc/xinetd.d/telnet# default: on# description: The telnet server serves telnet sessions; it uses #    unencrypted username/password pairs for authentication.service telnet{    flags        = REUSE    socket_type    = stream            wait        = no    user        = root    server        = /usr/sbin/in.telnetd    log_on_failure    += USERID    disable        = yes }

將disable對應的值修改為no或者注釋該行並重啟xinetd守護進程：service xinetd restart。

4.Linux防火牆原因，查看防火牆狀態：

[[email protected] root]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
target prot opt source destination 
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination 
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination 
ACCEPT udp -- 192.168.1.1 anywhere udp spt:domain dpts:1025:65535 
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp flags:SYN,RST,ACK/SYN 
ACCEPT tcp -- anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN 
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp flags:SYN,RST,ACK/SYN 
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN 
ACCEPT tcp -- anywhere anywhere tcp dpt:telnet flags:SYN,RST,ACK/SYN 
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc 
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc 
ACCEPT all -- anywhere anywhere 
ACCEPT all -- anywhere anywhere 
REJECT tcp -- anywhere anywhere tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable 
REJECT tcp -- anywhere anywhere tcp dpt:nfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable 
REJECT udp -- anywhere anywhere udp dpts:0:1023 reject-with icmp-port-unreachable 
REJECT udp -- anywhere anywhere udp dpt:nfs reject-with icmp-port-unreachable 
REJECT tcp -- anywhere anywhere tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable 
REJECT tcp -- anywhere anywhere tcp dpt:xfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable

表示未關閉,如果防火牆已關閉，則不需要在/etc/sysconfig/iptables設定檔中添加：-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 23 --syn -j ACCEPT。

關閉防火牆：service iptables stop (重啟後失效：防火牆開機自動啟動)

啟動防火牆：service iptables start

重啟防火牆：service iptables restart

禁止防火牆開機自動啟動：chkconfig iptables off

5.預設情況下Linux不允許root使用者以telnet方式登入Linux主機，若要允許root使用者登入可採用以下3中方法：

  （1）修改/etc/pam.d/login設定檔

         RedHat Linux對於遠程登入的限制體現在/etc/pam.d/login檔案中，把限制內容注釋即可。

[[email protected] root]# cat /etc/pam.d/login#%PAM-1.0auth       required    pam_securetty.soauth       required    pam_stack.so service=system-auth#auth       required    pam_nologin.soaccount    required    pam_stack.so service=system-authpassword   required    pam_stack.so service=system-authsession    required    pam_stack.so service=system-authsession    optional    pam_console.so

  （2）移除/etc/securetty檔案夾

          驗證規則設定在/etc/securetty檔案中，該檔案定義了root使用者只能在tty1-tty6的終端上記錄，刪除該檔案或將其改名即可避開驗證規則從而實現root使用者以telnet方式遠程登入Linux主機。

[[email protected] root]# mv /etc/securetty /etc/securetty.bak

  （3）先用普通使用者登入，然後切換到root使用者

[[email protected] bboss]$ su rootPassword: [[email protected] bboss]# 

 

telnet到RedHat Linux失敗--解決辦法