失败原因:
1.telnet包未安装,检查telnet包是否安装:
[root@vm-rhel root]# rpm -qa telnet telnet-0.17-25
表示已安装
2.telnet包已安装,telnet-server未安装,检查telnet-server包是否安装:
[root@vm-rhel root]# rpm -qa telnet-server telnet-server-0.17-25
表示已安装
3.telnet配置文件问题:
[root@vm-rhel root]# cat /etc/xinetd.d/telnet # default: on # description: The telnet server serves telnet sessions; it uses # unencrypted username/password pairs for authentication. service telnet { flags = REUSE socket_type = stream wait = no user = root server = /usr/sbin/in.telnetd log_on_failure += USERID disable = yes }
将disable对应的值修改为no或者注释该行并重启xinetd守护进程:service xinetd restart。
4.linux防火墙原因,查看防火墙状态:
<br/>
[root@vm-rhel root]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all — anywhere anywhere
<br/>
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all — anywhere anywhere
<br/>
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
<br/>
Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination
ACCEPT udp — 192.168.1.1 anywhere udp spt:domain dpts:1025:65535
ACCEPT tcp — anywhere anywhere tcp dpt:smtp flags:SYN,RST,ACK/SYN
ACCEPT tcp — anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT tcp — anywhere anywhere tcp dpt:ftp flags:SYN,RST,ACK/SYN
ACCEPT tcp — anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT tcp — anywhere anywhere tcp dpt:telnet flags:SYN,RST,ACK/SYN
ACCEPT udp — anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT udp — anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT all — anywhere anywhere
ACCEPT all — anywhere anywhere
REJECT tcp — anywhere anywhere tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp — anywhere anywhere tcp dpt:nfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp — anywhere anywhere udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT udp — anywhere anywhere udp dpt:nfs reject-with icmp-port-unreachable
REJECT tcp — anywhere anywhere tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp — anywhere anywhere tcp dpt:xfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
表示未关闭,如果防火墙已关闭,则不需要在/etc/sysconfig/iptables配置文件中添加:-A RH-Lokkit-0-50-INPUT -p tcp -m tcp –dport 23 –syn -j ACCEPT。
关闭防火墙:service iptables stop (重启后失效:防火墙开机自动启动)
启动防火墙:service iptables start
重启防火墙:service iptables restart
禁止防火墙开机自动启动:chkconfig iptables off
5.默认情况下Linux不允许root用户以telnet方式登录Linux主机,若要允许root用户登录可采用以下3中方法:
(1)修改/etc/pam.d/login配置文件
RedHat Linux对于远程登录的限制体现在/etc/pam.d/login文件中,把限制内容注释即可。
[root@vm-rhel root]# cat /etc/pam.d/login#%PAM-1.0auth required pam_securetty.so auth required pam_stack.so service=system-auth #auth required pam_nologin.so account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth session optional pam_console.so
(2)移除/etc/securetty文件夹
验证规则设置在/etc/securetty文件中,该文件定义了root用户只能在tty1-tty6的终端上记录,删除该文件或将其改名即可避开验证规则从而实现root用户以telnet方式远程登录Linux主机。
[root@vm-rhel root]# mv /etc/securetty /etc/securetty.bak
(3)先用普通用户登录,然后切换到root用户
[bboss@vm-rhel bboss]$ su root Password: [root@vm-rhel bboss]#
