安装xinetd和telnet和telnet-server,问题及解决方案

安装telnet软件包
telnet-client (或 telnet),这个软件包提供的是 telnet 客户端程序;
telnet-server 软件包,这个才是真正的 Telnet server 软件包。

1、先检测是否这些软件包已经安装
[root@iZwz95a6wosz6klzf7o6hcZ xinetd.d]# rpm -qa | grep telnet
telnet-server-0.17-64.el7.x86_64
telnet-0.17-64.el7.x86_64

2、telnet-server服务启动依赖xinetd服务,
需要首先安装,如果telnet-server服务在xinetd之前安装了,要先删除telnet-server,再安装xinetd
1)查看是否安装
rpm -qa | grep xinetd
2)安装xinetd服务
[root@iZwz95a6wosz6klzf7o6hcZ xinetd.d]# yum -y install xinetd

3、安装或卸载软件包
根据上面的命令获取已安装软件包名称
卸载:
[root@iZwz95a6wosz6klzf7o6hcZ xinetd.d]# rpm -e telnet-server-0.17-64.el7.x86_64
[root@iZwz95a6wosz6klzf7o6hcZ xinetd.d]# rpm -e telnet-0.17-64.el7.x86_64

安装:
安装客户端:yum -y install telnet
1)使用yum list |grep telnet命令获取查找telnet-server的源文件:
[root@iZwz95a6wosz6klzf7o6hcZ /]# yum list |grep telnet
telnet.x86_64 1:0.17-64.el7 @base
telnet-server.x86_64 1:0.17-64.el7 @base
dcap-tunnel-telnet.x86_64 2.47.11-1.el7 epel

2)安装服务端
yum install telnet-server.x86_64

4、查看是否安装成功
[root@iZwz95a6wosz6klzf7o6hcZ /]# rpm -qa | grep telnet
telnet-server-0.17-64.el7.x86_64
telnet-0.17-64.el7.x86_64

5、开启服务
telnet服务之后,默认是不开启服务,修改文件/etc/xinetd.d/telnet来开启服务。
注:如有则修改,第一次修改,此文件若不存在,可自己vim创建。修改 disable = yes 为 disable = no
修改后的telnet文件为:

default: yes

description: The telnet server servestelnet sessions; it uses \

unencrypted username/password pairs for authentication.

service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server =/usr/sbin/in.telnetd
log_on_failure += USERID
disable = no
}

6、安装后检查
[root@iZwz95a6wosz6klzf7o6hcZ xinetd.d]# rpm -qa | grep xinetd
xinetd-2.3.15-13.el7.x86_64
[root@iZwz95a6wosz6klzf7o6hcZ xinetd.d]# rpm -qa | grep telnet
telnet-0.17-64.el7.x86_64
telnet-server-0.17-64.el7.x86_64

7、启动telnet和依赖的xinetd服务
在centos7之前:
service xinetd restart 或 /etc/rc.d/init.d/xinetd restart

在centos7中:
无xinetd的service启动项
[root@iZwz95a6wosz6klzf7o6hcZ xinetd.d]# service xinetd restart
Redirecting to /bin/systemctl restart xinetd.service
[root@iZwz95a6wosz6klzf7o6hcZ xinetd.d]# systemctl restart xinetd.service
[root@iZwz95a6wosz6klzf7o6hcZ xinetd.d]#

8、查看启动
[root@iZwz95a6wosz6klzf7o6hcZ xinetd.d]# ps -ef|grep xinetd
root 14910 1 0 10:01 ? 00:00:00 /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
root 14919 14291 0 10:03 pts/0 00:00:00 grep --color=auto xinetd

9、测试telnet
[root@iZwz95a6wosz6klzf7o6hcZ xinetd.d]# telnet 120.78.144.82
Trying 120.78.144.82…
Connected to 120.78.144.82.
Escape character is ‘^]‘.

Kernel 3.10.0-693.2.2.el7.x86_64 on an x86_64
iZwz95a6wosz6klzf7o6hcZ login: root
Password:

10、设置服务开机启动
[root@iZwz95a6wosz6klzf7o6hcZ xinetd.d]# chkconfig --level 35 xinetd on
Note: Forwarding request to ‘systemctl enable xinetd.service‘.
[root@iZwz95a6wosz6klzf7o6hcZ xinetd.d]# systemctl enable xinetd.service
[root@iZwz95a6wosz6klzf7o6hcZ xinetd.d]#

11、查看启动项
[root@iZwz95a6wosz6klzf7o6hcZ xinetd.d]# chkconfig --list

Note: This output shows SysV services only and does not include native
systemd services. SysV configuration data might be overridden by native
systemd configuration.

If you want to list systemd services use ‘systemctl list-unit-files‘.
To see services enabled on particular target use
‘systemctl list-dependencies [target]‘.

aegis 0:off 1:off 2:on 3:on 4:on 5:on 6:off
agentwatch 0:off 1:off 2:on 3:on 4:on 5:on 6:off
netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off

xinetd based services:
chargen-dgram: off
chargen-stream: off
daytime-dgram: off
daytime-stream: off
discard-dgram: off
discard-stream: off
echo-dgram: off
echo-stream: off
tcpmux-server: off
telnet: on
time-dgram: off
time-stream: off

问题1:总是提示Login incorrect

Kernel 3.10.0-693.2.2.el7.x86_64 on an x86_64
iZwz95a6wosz6klzf7o6hcZ login: root
Password:
Login incorrect
解决办法:
注释/etc/pam.d/remote的第一行,即:auth required pam_securetty.so

[root@iZwz95a6wosz6klzf7o6hcZ pam.d]# cat remote
#%PAM-1.0
#auth required pam_securetty.so
auth substack password-auth
auth include postlogin
account required pam_nologin.so
account include password-auth
password include password-auth

pam_selinux.so close should be the first session rule

session required pam_selinux.so close
session required pam_loginuid.so

pam_selinux.so open should only be followed by sessions to be executed in the user context

session required pam_selinux.so open
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include password-auth
session include postlogin

问题2:登录不成功,防火墙设置

其他机器远程telnet的时候,登陆不成功,可能是防火墙的问题,修改防火墙的设置:

[root@iZwz95a6wosz6klzf7o6hcZ ~]# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 21434/java
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1169/sshd
tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN 21434/java
tcp 0 0 0.0.0.0:8009 0.0.0.0:* LISTEN 21434/java
tcp6 0 0 :::23 ::? LISTEN 14910/xinetd
tcp6 0 0 :::3306 ::? LISTEN 27713/mysqld
udp 0 0 0.0.0.0:68 0.0.0.0:* 760/dhclient
udp 0 0 172.18.222.199:123 0.0.0.0:* 859/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 859/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 859/ntpd
udp 0 0 0.0.0.0:2221 0.0.0.0:* 760/dhclient
udp6 0 0 :::123 ::? 859/ntpd
udp6 0 0 :::52914 ::? 760/dhclient

再使用iptables修改设置,使用service iptables save保存设置,然后service iptables restart重启防火墙:
[root@iZwz95a6wosz6klzf7o6hcZ ~]# iptables -I INPUT -p tcp --dport 23 -jACCEPT
[root@iZwz95a6wosz6klzf7o6hcZ ~]# iptables -I INPUT -p udp --dport 23 -jACCEPT
[root@iZwz95a6wosz6klzf7o6hcZ ~]# service iptables save --可能会有异常1
[root@iZwz95a6wosz6klzf7o6hcZ ~]# service iptables restart --若提示Redirecting…或者:/bin/systemctl restart iptables.service

异常1:
[root@iZwz95a6wosz6klzf7o6hcZ ~]# service iptables save
The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl.
解决:
1、关闭防火墙:[root@iZwz95a6wosz6klzf7o6hcZ etc]# systemctl stop firewalld
2、安装或更新服务:[root@iZwz95a6wosz6klzf7o6hcZ etc]# yum install iptables-services
3、启动iptables:[root@iZwz95a6wosz6klzf7o6hcZ etc]# systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
4、打开iptables:[root@iZwz95a6wosz6klzf7o6hcZ etc]# systemctl start iptables

[root@iZwz95a6wosz6klzf7o6hcZ etc]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]

你可能感兴趣的:(linux)