在centos5开启telnet服务并验证-白红宇

在centos5开启telnet服务并验证

阅读量：5167 次

发布时间：2019-06-13

本文共 3079 字，大约阅读时间需要 10 分钟。

1.安装telnet服务

[root@localhost ~]# yum install telnet

2.检查是否成功安装

[root@localhost ~]# rpm -qa | grep telnettelnet-0.17-38.el5telnet-server-0.17-38.el5                                      #####有显示就是正确的

3.修改文件开启服务

[root@localhost home]# vim /etc/xinetd.d/telnet # default: on# description: The telnet server serves telnet sessions; it uses \#       unencrypted username/password pairs for authentication.service telnet{        flags           = REUSE        socket_type     = stream        wait            = no        user            = root        server          = /usr/sbin/in.telnetd        log_on_failure  += USERID        disable         = no                              #####是指禁止远方telnet，改为no就是启动} [root@localhost xinetd.d]# service  xinetd  restart 停止 xinetd：                                              [确定] 启动 xinetd：                                              [确定]

4.停止iptables、seliunx（可以在iptables中开启telnet的23端口，后面有介绍）

5.测试能否能用root账户telnet（若没配置一般是不行的）

6.修改配置使root登陆

当我们失败后，linux是会记录下失败记录作为日志在/var/log/secure

Oct 26 08:17:57 localhost login: pam_securetty(remote:auth): access denied: tty 'pts/1' is not secure !Oct 26 08:18:01 localhost login: FAILED LOGIN 1 FROM 192.168.165.1 FOR root, Authentication failure

可以看到没有pts/1所以被拒绝了

我们可以在修改添加一个虚拟线程

[root@localhost xinetd.d]# vi /etc/securetty consolevc/1vc/2vc/3vc/4vc/5vc/6vc/7vc/8vc/9vc/10vc/11tty1tty2tty3tty4tty5tty6tty7tty8tty9tty10tty11pts/1

再次测试

Xshell:\> telnet 192.168.165.136Connecting to 192.168.165.136:23...Connection established.To escape to local shell, press 'Ctrl+Alt+]'.CentOS release 5 (Final)Kernel 2.6.18-8.el5 on an i686login: rootPassword: Last login: Wed Oct 26 08:13:15 from 192.168.165.1[root@localhost ~]#

ps：不建议直接用root登陆，因为telnet是明文传输。建议用一个普通用户登录然后su到root用户权限

7.在有防火墙的情况下配置telnet

修改防火墙配置，添加一条开发telnet的23号端口

[root@localhost ~]# vi /etc/sysconfig/iptables# Firewall configuration written by system-config-securitylevel# Manual customization of this file is not recommended.*filter:INPUT ACCEPT [0:0]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT [0:0]:RH-Firewall-1-INPUT - [0:0]-A INPUT -j RH-Firewall-1-INPUT-A FORWARD -j RH-Firewall-1-INPUT-A RH-Firewall-1-INPUT -i lo -j ACCEPT-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT-A RH-Firewall-1-INPUT -p 50 -j ACCEPT-A RH-Firewall-1-INPUT -p 51 -j ACCEPT-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT                   ######开放23号端口 -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT  -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibitedCOMMIT~                                                                                                                                                                                                                                ~

转载于:https://www.cnblogs.com/liutao97/p/5998886.html

你可能感兴趣的文章

CVE-2014-6321 && MS14-066 Microsoft Schannel Remote Code Execution Vulnerability Analysis

查看>>

给一次重新选择的机会_您还会选择程序员吗？

查看>>

Mysql MHA高可用集群架构

查看>>