[root@sre ~]# rpm -qa | grep telnet[root@sre ~]# rpm -qa telnet-server[root@sre ~]# rpm -qa xinetd
如果什么都不显示。说明你没有安装telnet
xinetd是新一代的网络守护进程服务程序
[root@sre ~]# yum install xinetd telnet telnet-server telnet
注意:因为是由xinetd管理,这里启动的是telnet.socket而不是telnet.service
[root@sre ~]# systemctl start telnet.socket[root@sre ~]# systemctl start xinetd[root@sre ~]# systemctl enable xinetd[root@sre ~]# systemctl enable telnet.socket
[root@localhost ~]# netstat -tulp|grep telnettcp6 0 0 [::]:telnet [::]:* LISTEN 1/systemd [root@localhost ~]# netstat -tunlp|grep 23tcp6 0 0 :::23 :::* LISTEN 1/systemd 如果看到上述输出则表明telnet-server正常
注意: 默认情况下,PAM模块限制root不能telnet到telnet-server,可使用普通用户登录后su切换
#移除securetty文件验证规则设置在/etc/security文件中,该文件定义root用户只能在tty1-tty6的终端上记录,删除该文件或者将其改名即可避开验证规则实现root用户远程登录。 [root@nodel ~]# mv /etc/securetty /etc/securetty.bak
一般不建议直接用root用户远程通过telnet登陆系统,因为telnet在数据传输过程采用明文方式,如果,数据包被人截获,将会很容易获取root用户的登陆口令;还是建议以普通用户通过telnet远程登陆,然后su到root,这样相对比较安全。如果非要用root用户远程连接,建议采用SSH
注意: 本文使用的普通用户登录
[root@sre ~]# telnet 172.16.200.150Trying 172.16.200.150... Connected to 172.16.200.150. Escape character is '^]'. Kernel 3.10.0-1160.el7.x86_64 on an x86_64 docker login: fxkjPassword: Last login: Mon Sep 12 23:16:28 from ::ffff:172.16.10.37[fxkj@docker ~]$ who am i fxkj pts/3 2022-09-12 23:34 (::ffff:172.16.10.37)#su 登录到root[fxkj@sre ~]$ su - rootPassword: Last login: Mon Sep 12 23:25:02 EDT 2022 from ::ffff:172.16.10.37 on pts/3Last failed login: Mon Sep 12 23:33:18 EDT 2022 from ::ffff:172.16.10.37 on pts/3There were 2 failed login attempts since the last successful login. [root@sre ~]#
[root@sre ~]# ssh -VOpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
[root@sre ~]# wget https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz
[root@sre ~]# tar -xvf openssh-9.0p1.tar.gz
[root@sre ~]# yum install -y pam* zlib* openssl-devel gcc make
[root@sre ~]# cp -r /etc/ssh /tmp/
[root@sre ~]# cd openssh-9.0p1[root@sre openssh-9.0p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-zlib --with-pam --without-openssl-header-check --with-ssl-dir=/usr/local/ssl --with-privsep-path=/var/lib/sshd[root@sre openssh-9.0p1]# make[root@sre openssh-9.0p1]# rm -rf /etc/ssh/*[root@sre openssh-9.0p1]# rm -rf /usr/lib/systemd/system/sshd.service[root@sre openssh-9.0p1]# make install
注意: 允许使用root用户远程登录,是否使用PAM认证
[root@sre openssh-9.0p1]# sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config[root@sre openssh-9.0p1]# sed -i 's/#UsePAM no/UsePAM yes/g' /etc/ssh/sshd_config
[root@sre openssh-9.0p1]# cp -a contrib/redhat/sshd.init /etc/init.d/sshd[root@sre openssh-9.0p1]# chkconfig sshd on[root@sre openssh-9.0p1]# chkconfig --add sshd[root@sre openssh-9.0p1]# systemctl enable sshd[root@sre openssh-9.0p1]# systemctl restart sshd
[root@sre ~]# ssh -VOpenSSH_9.0p1, OpenSSL 1.0.2k-fips 26 Jan 2017
注意: 本文使用的普通用户登录
[root@sre ~]# ssh fxkj@172.16.200.150fxkj@172.16.200.150's password: Last login: Mon Sep 12 23:34:06 2022 from ::ffff:172.16.10.37 [fxkj@sre ~]$ su - rootPassword: Last login: Mon Sep 12 23:35:00 EDT 2022 on pts/3 [root@sre ~]#
[root@sre ~]# systemctl stop telnet.socket[root@sre ~]# systemctl stop xinetd[root@sre ~]# systemctl disable xinetd[root@sre ~]# systemctl disable telnet.socket
Copyright © 2013-2021 8a.hk All Rights Reserved. 八艾云 版权所有 中山市八艾云计算有限公司 粤ICP备14095776号