Linux 远程登录(telnet ssh)

telnet

[root@rhel6 ~]# rpm -qa | grep telnet

telnet-server-0.17-47.el6.x86_64

telnet-0.17-47.el6.x86_64

[root@rhel6 ~]# vi /etc/xinetd.d/telnet //telnet是依赖于xinetd的

# default: on

# description: The telnet server serves telnet sessions; it uses \

# unencrypted username/password pairs for authentication.

service telnet

{

flags = REUSE

socket_type = stream

wait = no

user = root

server = /usr/sbin/in.telnetd

log_on_failure += USERID

disable = no

instances = 1 //设置服务器最大连接数(即只允许1个用户通过telnet登录)

# bind = 192.168.0.90 //只允许经由该适配器的数据包进来

# only_from = 192.168.0.0/24 //只允许该网段通过telnet访问

# no_access = 192.168.0.100 //不允许该IP通过telnet访问

# access_times = 9:00-18:00 //telnet服务开放的时间

}

[root@rhel6 ~]# /etc/init.d/xinetd restart

Stopping xinetd: [ OK ]

Starting xinetd: [ OK ]

[root@rhel5 ~]# telnet rhel6

Trying 192.168.0.90...

Connected to rhel6.

Escape character is '^]'.

Red Hat Enterprise Linux Server release 6.2 (Santiago)

Kernel 2.6.32-220.el6.x86_64 on an x86_64

login: root

Password:

Login incorrect //默认禁止root用户通过telnet登录

login: xfcy

Password:

Last login: Wed Dec 26 17:17:08 from rhel6

[xfcy@rhel6 ~]$ who

root pts/0 2012-12-27 12:01 (192.168.0.90)

xfcy pts/1 2012-12-27 12:18 (rhel5)

[xfcy@rhel6 ~]$ telnet rhel6

Trying 192.168.0.90...

Connected to rhel6.

Escape character is '^]'.

Connection closed by foreign host. //不允许第2个用户通过telnet登录

[root@rhel6 ~]# netstat -lntp | grep :23 //默认监听23号端口

tcp 0 0 :::23 :::* LISTEN 5169/xinetd

[xfcy@rhel6 ~]$ vi /etc/services //修改telnet服务的监听端口为230

telnet 230/tcp

telnet 230/udp

[root@rhel6 ~]# /etc/init.d/xinetd restart

Stopping xinetd: [ OK ]

Starting xinetd: [ OK ]

[root@rhel6 ~]# netstat -lntp | grep :23

tcp 0 0 :::230 :::* LISTEN 5319/xinetd

[root@rhel5 ~]# telnet rhel6

Trying 192.168.0.90... //默认通过23号端口无法访问telnet服务

telnet: connect to address 192.168.0.90: Connection refused

telnet: Unable to connect to remote host: Connection refused

[root@rhel5 ~]# telnet rhel6 230 //通过230端口可成功访问telnet服务

Trying 192.168.0.90...

Connected to rhel6.xfcy.org (192.168.0.90).

Escape character is '^]'.

Red Hat Enterprise Linux Server release 6.2 (Santiago)

Kernel 2.6.32-220.el6.x86_64 on an x86_64

login: xfcy

Password:

Last login: Thu Dec 27 12:50:16 from rhel5

[xfcy@rhel6 ~]$ netstat -an | grep :23

tcp 0 0 192.168.0.90:230 192.168.0.89:51147 ESTABLISHED

tcp 0 0 :::230 :::* LISTEN

情况下，linux不允许root用户以telnet方式登录linux主机，若要允许root用户登录，可采取以下3种方法之一：

1.修改login文件

RedHat中对于远程登录的限制体现在/etc/pam.d/login 文件中，如果把限制的内容注销掉，那么限制将不起作用。

[root@rhel5 ~]# vi /etc/pam.d/login

#%PAM-1.0 auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so

auth include system-auth

#account required pam_nologin.so

account include system-auth

password include system-auth

# pam_selinux.so close should be the first session rule

session required pam_selinux.so close

session include system-auth

session required pam_loginuid.so

session optional pam_console.so

# pam_selinux.so open should only be followed by sessions to be executed in the user context

session required pam_selinux.so open

session optional pam_keyinit.so force revoke

2.移除securetty文件

验证规则设置在/etc/securetty 文件中，该文件定义root用户只能在tty1-tty11的终端上记录，移除该文件即可避开验证规则实现root用户远程登录。

[root@rhel5 ~]# mv /etc/securetty /etc/securetty.bak

3.修改securetty文件

[root@rhel5 ~]# vi /etc/securetty

console

vc/1

vc/2

vc/3

vc/4

vc/5

vc/6

vc/7

vc/8

vc/9

vc/10

vc/11

tty1

tty2

tty3

tty4

tty5

tty6

tty7

tty8

tty9

tty10

tty11

pts/1

pts/2

pts/3

pts/4

pts/5

pts/6

pts/7

pts/8

pts/9

pts/10

pts/11