telnet开启.doc

在RHEL5中开通Root远程登录详解目录：一、telnet基础知识二、telnet服务安装三、telnet服务检测四、telnet服务调试五、telnet开启root六、telnet服务启动七、telnet服务测试八、telnet端口更改九、telnet服务限制十、配置文件krb5-telnet十一、配置文件ekrb5-telnet十二、telnet登陆错误解析编者话：通过无数次的重新安装linux，每次都要开通telnet，尤其没有默认安装telnet组件的时候。当然这个文档比较适合初学者，比如我。同时此文档仅能抛砖引玉，对于其他的linux系统如Ubuntu等还是有一些区别。各位在使用中加以考量，鄙人在逐渐学习linux的过程中，不断的体会到每个文件与系统的整合，思考他们运作的方式。一直在寻找这样一本能够直观的如神经脉络一样谱写出linxu系统的书籍。不断寻找中，理解才是永恒。-一、telnet基础知识telnet：提供telnet服务，使用未加密的用户/密码组进行验证，依附于xinetd服务。文件位于/etc/xinetd.d/telnet。krb5-telnet：提供telnet服务，允许普通的telnet登陆，默认是不允许root用户登录，使用kerberos5验证 ，依附于xinetd服务。文件位于/etc/xinetd.d/krb5-telnet。ekrb5-telnet：提供加密的telnet服务，但是必须要ekrb5的加密服务器。文件位于/etc/xinetd.d/ekrb5-telnet。xinetd：因特网操作服务程序。提供类似于inetd+tcp_wrapper的功能，但是更加强大和安全，监控网络对各种它管理的服务的需求，并在要的时候启动相应的服务程序。文件位于/etc/xinetd.d中二、telnet服务安装1、查看telnet rpm包rootrhel52 /# rpm -qa | grep telnettelnet-0.17-38.el5 telnet-server-0.17-38.el5 =RHEL5CD#4rootrhel52 /# 2、安装telnet server rpm包rootrhel52 work# rpm -ivh telnet-server-0.17-38.el5.i386.rpmwarning: telnet-server-0.17-38.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186Preparing. # 100% package telnet-server-0.17-38.el5 is already installedrootrhel52 work# 注：安装完毕以后会在/etc/xinetd.d/中出现一个telnet配置文件三、telnet服务检测1、查看telnet服务rootrhel52 /# chkconfig -list | grep telnet ekrb5-telnet: off krb5-telnet: off telnet: offrootrhel52 /#2、开启telnet服务rootrhel52 /# chkconfig telnet on也可以用rootrhel52 /# ntsysv开启3、设置自动启动rootrhel52 /# chkconfig -level 35 telnet onrootrhel52 /# chkconfig -list | grep telnet ekrb5-telnet: off krb5-telnet: off telnet: onrootrhel52 /#四、telnet服务调试1、配置telnet文件rootrhel52 /# vim /etc/xinetd.d/telnet# default: on# description: The telnet server serves telnet sessions; it uses # unencrypted username/password pairs for authentication.service telnet disable = no =确认是no flags = REUSE socket_type = stream wait = no user = root server = /usr/sbin/in.telnetd log_on_failure += USERID2、注意/etc/xinetd.d/ekrb5-telnet 和 krb5-telnet两个文件中的disable，稍后说明其作用。五、telnet开启root1、确认/etc/pam.d/login中的pam_securetty.so行，并将其注释掉#rootrhel52 /# vim /etc/pam.d/login#%PAM-1.0#auth user_unknown=ignore success=ok ignore=ignore default=bad pam_securetty.soauth include system-authaccount required pam_nologin.soaccount include system-authpassword include system-auth# pam_selinux.so close should be the first session rulesession required pam_selinux.so closesession include system-authsession required pam_loginuid.sosession optional pam_console.so# pam_selinux.so open should only be followed by sessions to be executed in theuser contextsession required pam_selinux.so opensession optional pam_keyinit.so force revoke2、开通telnet控制台，在/etc/securetty文件中设定rootrhel52 /# vim /etc/securettyconsolevc/1vc/2vc/3tty1tty2tty3tty4tty5.pts/1pts/2pts/3pts/4pts/5在文件后面追加pts/1.pts/n六、telnet服务启动因为telnet服务是由xinetd调用，所以只要重新启动xinetd即可rootrhel52 /# service xinetd restartStopping xinetd: OK Starting xinetd: OK rootrhel52 /# 七、telnet服务测试Microsoft Windows 版本 6.1.7100版权所有 (c) 2009 Microsoft Corporation。保留所有权利。C:telnet 192.168.238.220正在连接192.168.238.220.Red Hat Enterprise Linux Server release 5 (Tikanga)Kernel 2.6.18-8.el5 on an i686login: rootPassword:Last login: Sat Aug 1 22:47:15 from 192.168.238.1rootrhel52 #八、telnet端口更改设定配置文件/etc/servicesrootCentOS5 /#vi /etc/services找到下面的两行：telnet 23/tcptelnet 23/udp九、telnet服务限制设定配置文件/etc/xinetd.d/telnetrootrhel52 /# vim /etc/xinetd.d/telnet access_time = 20:00-24:00# default: on# description: The telnet server serves telnet sessions; it uses # unencrypted username/password pairs for authentication.service telnet disable = no flags = REUSE socket_type = stream wait = no user = root server = /usr/sbin/in.telnetd log_on_failure += USERID only_from = 192.168.0.0/16#bind = 192.168.0.100#only_from = 192.168.0.0/24#no_access = 192.168.0.80,90#access_times = 8:00-9:00 20:00-23:00十、配置文件krb5-telnet文件所在位置 /etc/xinetd.d/krb5-telnet其实rhel5已经装了krb5-telnet，那么就可以启用这个服务来达到开启telnet的目的。不用再安装telnet-server这个软件包了。可以使用Kerberos 5来进行认证。1、开启krb5-telnet服务。rootrhel52 /# vim /etc/xinetd.d/krb5-telnet将“disable = yes” 改为“disable = no”2、启动服务rootrhel52 /# service xinetd restart十一、配置文件ekrb5-telnet文件所在位置 /etc/xinetd.d/ekrb5-telnetekrb5- telnet可以用来提供加密的telnet服务。如果启用了ekrb5-telnet服务，但是又没有Kerberos服务器的话，那么在进行 telnet登录时，总是会报“Unencrypted connection refused. Goodbye.（未加密的连接，拒绝服务）”这个错误。1、开启ekrb5-telnet服务。rootrhel52 /# vim /etc/xinetd.d/ekrb5-telnet将“disable = yes” 改为“disable = no”2、启动服务rootrhel52 /# vim service xinetd restart注：使用Kerberos 5来认证和加密telnet会话前，需要先搭建一个Kerberos服务器。十二、telnet登陆错误解析错误信息：Cannot resolve network address for KDC in requested realm while getting initial credentials当出现如上信息时，请检查/etc/xinetd.d/krb5-telnet，并将“disable = no”改成yesrootrhel52 /# vim /etc/xinetd.d/krb5-telnet# default: off# description: The kerberized telnet server accepts normal telnet sessions, # but can also use Kerberos 5 authentication.service telnet flags = REUSE socket_type = stream wait = no user = root server = /usr/kerberos/sbin/telnetd log_on_failure += USERID disable = no - no改成yes错误信息：Unencrypted connection refused. Goodbye.遗失对主机的连接。当出现如上信息时，请检查/etc/xinetd.d/ekrb5-telnet，并将“disable = no”改成yesrootrhel52 /# vim /etc/xinetd.d/ekrb5-telnet# default: off# description: The kerberized telnet server accepts only telnet sessions, # which use Kerberos 5 authentication and encryption.service telnet flags = REUSE socket_type = stream wait = no user = root server = /usr/kerberos/sbin/telnetd server_args = -e log_on_failure += USERID disable = no - no改成yes错误信息：getnameinfo: localhost: Success Temporary failure in name resolution: Illegal se