centos7.2
[root@incloudos openssh-8.0p1]# uname -r
3.10.0-327.el7.x86_64
[root@incloudos openssh-8.0p1]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
openssl
[root@incloudos ~]# openssl version -a
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Mon Jun 29 12:45:07 UTC 2015
platform: linux-x86_64
openssh
[root@incloudos ~]# ssh -V
OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013
httpd
[root@incloudos ~]# httpd -V
Server version: Apache/2.4.6 (CentOS)
Server built: Jul 18 2016 15:30:14
Server's Module Magic Number: 20120211:24
Server loaded: APR 1.4.8, APR-UTIL 1.5.2
Compiled using: APR 1.4.8, APR-UTIL 1.5.2
Architecture: 64-bit
离线安装包下载地址:https://download.csdn.net/download/paincupid/11225992
openssl-1.0.2s.tar.gz
openssh-8.0p1.tar.gz
pam-1.1.8-22.el7.x86_64.rpm
pam-devel-1.1.8-22.el7.x86_64.rpm
zlib-1.2.7-17.el7.x86_64.rpm
zlib-devel-1.2.7-17.el7.x86_64.rpm
telnet-0.17-64.el7.x86_64.rpm
telnet-server-0.17-64.el7.x86_64.rpm
openssl-1.0.2k-12.el7.x86_64.rpm
之所以需要低版本的openssl,是因为如果在后面卸载openssl后,无法继续操作的话,再次安装openssl,不至于造成系统无法使用。
这些包可以自己搜索下载,也可以通过yumdownloader来下载。(yumdownloader 是安装yum-utils后才可以使用的)
先在外网安装yum-utils
yum install yum-utils
例如下载pam,可以执行:
#yumdownloader pam
也可以不用安装yum-utils,可以使用下面的命令下载相关依赖包
#yum install --downloadonly --downloaddir=/root/ pam
先下载好离线包,然后复制到内网机器,准备升级。
升级openssh,先要开启telnet,确保telnet可以正常登陆。这样当openssh升级出现问题的时候,还可以通过telnet登录到服务器操作。
需要准备的依赖包:pam, pam-devel, xinetd, zlib, zlib-devel, telnet, telnet-server
先查看是否有pam已经安装
#rpm -qa |grep pam
[root@incloudos ~]# rpm -qa |grep pam
fprintd-pam-0.5.0-4.0.el7_0.x86_64
pam-1.1.8-12.el7_1.1.x86_64
服务器上面有pam的包。
采用rpm -U升级安装,免得rpm -e --nodeps卸载包出现问题。(而且真有可能出现问题,尤其是zlib包)下面输出里的 NOKEY 警告表示系统没有导入对应的签名公钥,rpm 实际上没有校验这些包的签名;离线安装前可以先 rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7,再用 rpm -K 包名.rpm 确认签名正常。
#rpm -Uvh pam-1.1.8-22.el7.x86_64.rpm
#rpm -Uvh pam-devel-1.1.8-22.el7.x86_64.rpm
[root@incloudos 2pam]# rpm -Uvh pam-1.1.8-22.el7.x86_64.rpm
warning: pam-1.1.8-22.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:pam-1.1.8-22.el7 ################################# [ 50%]
Cleaning up / removing...
2:pam-1.1.8-12.el7_1.1 ################################# [100%]
[root@incloudos 3pam-devel]# rpm -Uvh pam-devel-1.1.8-22.el7.x86_64.rpm
warning: pam-devel-1.1.8-22.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:pam-devel-1.1.8-22.el7 ################################# [100%]
#rpm -Uvh xinetd-2.3.15-13.el7.x86_64.rpm
[root@incloudos 4xinted]# rpm -Uvh xinetd-2.3.15-13.el7.x86_64.rpm
warning: xinetd-2.3.15-13.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:xinetd-2:2.3.15-13.el7 ################################# [ 50%]
Cleaning up / removing...
2:xinetd-2:2.3.15-12.el7 ################################# [100%]
#rpm -Uvh zlib-1.2.7-18.el7.x86_64.rpm
#rpm -Uvh zlib-devel-1.2.7-18.el7.x86_64.rpm
[root@incloudos 5zlib]# rpm -Uvh zlib-1.2.7-18.el7.x86_64.rpm
warning: zlib-1.2.7-18.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:zlib-1.2.7-18.el7 ################################# [ 50%]
Cleaning up / removing...
2:zlib-1.2.7-15.el7 ################################# [100%]
[root@incloudos 5zlib]# rpm -Uvh zlib-devel-1.2.7-18.el7.x86_64.rpm
warning: zlib-devel-1.2.7-18.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
error: Failed dependencies:
zlib-devel(x86-32) is needed by (installed) openssl-devel-1:1.0.1e-42.el7.9.i686
先用createrepo建一个本地仓库,再新建zlib-devel.repo,尝试用 yum install zlib-devel 安装,提示:
[root@incloudos yum.repos.d]# yum install zlib-devel
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package zlib-devel.x86_64 0:1.2.7-15.el7 will be updated
---> Package zlib-devel.x86_64 0:1.2.7-18.el7 will be an update
--> Finished Dependency Resolution
Error: Multilib version problems found. This often means that the root
cause is something else and multilib version checking is just
pointing out that there is a problem. Eg.:
1. You have an upgrade for zlib-devel which is missing some
dependency that another package requires. Yum is trying to
solve this by installing an older version of zlib-devel of the
different architecture. If you exclude the bad architecture
yum will tell you what the root cause is (which package
requires what). You can try redoing the upgrade with
--exclude zlib-devel.otherarch ... this should give you an error
message showing the root cause of the problem.
2. You have multiple architectures of zlib-devel installed, but
yum can only see an upgrade for one of those architectures.
If you don't want/need both architectures anymore then you
can remove the one with the missing update and everything
will work.
3. You have duplicate versions of zlib-devel installed already.
You can use "yum check" to get yum show these errors.
...you can also use --setopt=protected_multilib=false to remove
this checking, however this is almost never the correct thing to
do as something else is very likely to go wrong (often causing
much more problems).
Protected multilib versions: zlib-devel-1.2.7-18.el7.x86_64 != zlib-devel-1.2.7-15.el7.i686
zlib-devel没有升级成功,因为系统里已经装有 i686 版的 zlib-devel-1.2.7-15.el7(被 openssl-devel 的 i686 包依赖),只升级 x86_64 版会触发 multilib 版本检查。
先略过…
#rpm -Uvh telnet-0.17-64.el7.x86_64.rpm
#rpm -Uvh telnet-server-0.17-64.el7.x86_64.rpm
[root@incloudos 6telnet]# rpm -Uvh telnet-0.17-64.el7.x86_64.rpm
warning: telnet-0.17-64.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:telnet-1:0.17-64.el7 ################################# [ 50%]
Cleaning up / removing...
2:telnet-1:0.17-59.el7 ################################# [100%]
[root@incloudos 6telnet]# rpm -Uvh telnet-server-0.17-64.el7.x86_64.rpm
warning: telnet-server-0.17-64.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:telnet-server-1:0.17-64.el7 ################################# [100%]
#systemctl start xinetd
查看状态
#systemctl status xinetd
#systemctl enable xinetd
[root@incloudos openssl3]# systemctl status xinetd
● xinetd.service - Xinetd A Powerful Replacement For Inetd
Loaded: loaded (/usr/lib/systemd/system/xinetd.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2019-06-04 10:50:10 CST; 27min ago
Main PID: 10004 (xinetd)
CGroup: /system.slice/xinetd.service
└─10004 /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
Jun 04 10:50:10 incloudos xinetd[10004]: removing discard
Jun 04 10:50:10 incloudos xinetd[10004]: removing discard
Jun 04 10:50:10 incloudos xinetd[10004]: removing echo
Jun 04 10:50:10 incloudos xinetd[10004]: removing echo
Jun 04 10:50:10 incloudos xinetd[10004]: removing tcpmux
Jun 04 10:50:10 incloudos xinetd[10004]: removing time
Jun 04 10:50:10 incloudos xinetd[10004]: removing time
Jun 04 10:50:10 incloudos xinetd[10004]: xinetd Version 2.3.15 started with libwrap loadavg labeled-networking options compiled in.
Jun 04 10:50:10 incloudos xinetd[10004]: Started working: 1 available service
Jun 04 10:50:10 incloudos systemd[1]: Started Xinetd A Powerful Replacement For Inetd.
[root@incloudos openssl3]# systemctl enable xinetd
#systemctl start telnet.socket
#systemctl status telnet.socket
#systemctl enable telnet.socket
[root@incloudos openssl3]# systemctl start telnet.socket
[root@incloudos openssl3]# systemctl status telnet.socket
● telnet.socket - Telnet Server Activation Socket
Loaded: loaded (/usr/lib/systemd/system/telnet.socket; disabled; vendor preset: disabled)
Active: active (listening) since Tue 2019-06-04 11:19:15 CST; 4s ago
Docs: man:telnetd(8)
Listen: [::]:23 (Stream)
Accepted: 0; Connected: 0
Jun 04 11:19:15 incloudos systemd[1]: Listening on Telnet Server Activation Socket.
Jun 04 11:19:15 incloudos systemd[1]: Starting Telnet Server Activation Socket.
[root@incloudos openssl3]# .
-bash: .: filename argument required
.: usage: . filename [arguments]
[root@incloudos openssl3]# systemctl enable telnet.socket
Created symlink from /etc/systemd/system/sockets.target.wants/telnet.socket to /usr/lib/systemd/system/telnet.socket.
默认情况下,telnet是不允许root登录的。
执行命令:
#echo "pts/0" >> /etc/securetty
#echo "pts/1" >> /etc/securetty
#vim /etc/selinux/config
将SELINUX设置为disabled(先记下改之前的值,升级完成后要还原)。注意:改这个文件要重启后才生效;如果只想临时放宽,可以执行 setenforce 0 切到permissive,不用改成disabled。
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
先查看防火墙状态(升级完成后,要还原回原来的iptables状态;如果只是为了让telnet进来,也可以只放行23端口,而不整个关闭防火墙)
#systemctl status iptables
关闭防火墙
#systemctl stop iptables
编辑pam配置文件,以便telnet允许root登录。
#vim /etc/pam.d/login
注释掉第一行:auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
前加#
#%PAM-1.0
#auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth substack system-auth
auth include postlogin
account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
session optional pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include system-auth
session include postlogin
-session optional pam_ck_connector.so
编辑配置文件:
#vim /etc/pam.d/remote
注释这第一行:auth required pam_securetty.so
前加#
#%PAM-1.0
#auth required pam_securetty.so
auth substack password-auth
auth include postlogin
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include password-auth
session include postlogin
重启xinetd,telnet服务
#systemctl restart xinetd
#systemctl restart telnet.socket
然后从其他服务器利用telnet测试登录(当然另外一台服务器上已经安装了telnet)
#telnet ip
输入账号密码,登录成功。
telnet可以登录,实际上是开了另外一条可以登录服务器的通道,以免ssh升级出错,造成无法登录服务器。
先确保你的服务器上已经有gcc,gcc-c++。这两个是编译工具。
#rpm -qa | grep gcc
若没有安装,则执行安装,这里我已经下载了gcc,gcc-c++的包。
将文件夹中的gcc.repo、gcc-c++.repo复制到/etc/yum.repos.d下
#yum install gcc gcc-c++
安装后
[root@incloudos yum.repos.d]# rpm -qa | grep gcc
gcc-4.8.5-4.el7.x86_64
libgcc-4.8.5-4.el7.x86_64
gcc-c++-4.8.5-4.el7.x86_64
gcc-objc++-4.8.5-4.el7.x86_64
gcc-objc-4.8.5-4.el7.x86_64
[root@incloudos yum.repos.d]# gcc --version
gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-4)
Copyright (C) 2015 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
[root@incloudos yum.repos.d]# g++ --version
g++ (GCC) 4.8.5 20150623 (Red Hat 4.8.5-4)
Copyright (C) 2015 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
查看已安装
#rpm -qa | grep openssl
[root@incloudos 8gcc]# rpm -qa | grep openssl
openssl-devel-1.0.1e-42.el7.9.x86_64
openssl-libs-1.0.1e-42.el7.9.x86_64
openssl-1.0.1e-42.el7.9.x86_64
openssl-devel-1.0.1e-42.el7.9.i686
解压openssl安装包
#tar zxvf openssl-1.0.2s.tar.gz
卸载这些包
#for i in $(rpm -qa |grep openssl);do rpm -e $i --nodeps ;done
进入openssl-1.0.2s目录
#cd openssl-1.0.2s
执行:
#./config shared
make[1]: Leaving directory `/root/openssl-openssh/openssl3/openssl-1.0.2s/tools'
generating dummy tests (if needed)...
make[1]: Entering directory `/root/openssl-openssh/openssl3/openssl-1.0.2s/test'
md2test.c => dummytest.c
rc5test.c => dummytest.c
jpaketest.c => dummytest.c
make[1]: Leaving directory `/root/openssl-openssh/openssl3/openssl-1.0.2s/test'
Configured for linux-x86_64.
[root@incloudos openssl-1.0.2s]#
#make && make install
See any operating system documentation and manpages about shared
libraries for your version of UNIX. The following manpages may be
helpful: ld(1), ld.so(1), ld.so.1(1) [Solaris], dld.sl(1) [HP],
ldd(1), crle(1) [Solaris], pldd(1) [Solaris], ldconfig(8) [Linux],
chatr(1) [HP].
cp libcrypto.pc /usr/local/ssl/lib/pkgconfig
chmod 644 /usr/local/ssl/lib/pkgconfig/libcrypto.pc
cp libssl.pc /usr/local/ssl/lib/pkgconfig
chmod 644 /usr/local/ssl/lib/pkgconfig/libssl.pc
cp openssl.pc /usr/local/ssl/lib/pkgconfig
chmod 644 /usr/local/ssl/lib/pkgconfig/openssl.pc
安装完毕。
执行命令:
#echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
#ldconfig
#cp /usr/local/ssl/lib/libssl.so.1.0.0 /usr/lib64
#cp /usr/local/ssl/lib/libcrypto.so.1.0.0 /usr/lib64
#ln -s /usr/lib64/libcrypto.so.1.0.0 /usr/lib64/libcrypto.so.10
#ln -s /usr/lib64/libcrypto.so.1.0.0 /usr/lib64/libcrypto.so
#ln -s /usr/lib64/libssl.so.1.0.0 /usr/lib64/libssl.so.10
#ln -s /usr/lib64/libssl.so.1.0.0 /usr/lib64/libssl.so
#ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
#ln -s /usr/local/ssl/include/openssl /usr/include/openssl
### 查看openssl版本
#openssl version -a
升级成功。注意:这样自己编译并覆盖 /usr/lib64 下 libssl.so.10/libcrypto.so.10 链接的 openssl,以后不再由 yum 管理,后续的 openssl 安全更新需要自己手动跟进重新编译。
解压openssh安装包
#tar xvf openssh-8.0p1.tar.gz
#cd openssh-8.0p1
卸载原openssh
#rpm -qa | grep openssh
[root@incloudos openssl3]# rpm -qa | grep openssh
openssh-6.6.1p1-31.el7.x86_64
openssh-server-6.6.1p1-31.el7.x86_64
openssh-clients-6.6.1p1-31.el7.x86_64
卸载
#for i in $(rpm -qa |grep openssh);do rpm -e $i --nodeps ;done
执行(其中 --without-hardening 会关闭 PIE、relro 等编译链接加固选项,没有编译问题的话建议去掉;--with-tcp-wrappers 在 OpenSSH 6.7 以后已经不再支持,这里会被忽略):
#./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-tcp-wrappers --with-ssl-dir=/usr/local/ssl --without-hardening
Host: x86_64-pc-linux-gnu
Compiler: cc
Compiler flags: -g -O2 -pipe -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -fno-builtin-memset -fstack-protector-strong
Preprocessor flags: -I/usr/local/ssl/include -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE
Linker flags: -L/usr/local/ssl/lib -fstack-protector-strong
Libraries: -lcrypto -ldl -lutil -lz -lcrypt -lresolv
+for sshd: -lpam
PAM is enabled. You may need to install a PAM control file
for sshd, otherwise password authentication may fail.
Example PAM control files can be found in the contrib/
subdirectory
[root@incloudos openssh-8.0p1]#
#cp -r /etc/ssh /root/ssh(备份原来的配置和主机密钥,cp 不加 -r 是复制不了目录的,下一步 rm 之前一定要确认备份成功)
#rm -rf /etc/ssh
#make && make install
/usr/bin/install -c -m 644 ssh.1.out /usr/share/man/man1/ssh.1
/usr/bin/install -c -m 644 scp.1.out /usr/share/man/man1/scp.1
/usr/bin/install -c -m 644 ssh-add.1.out /usr/share/man/man1/ssh-add.1
/usr/bin/install -c -m 644 ssh-agent.1.out /usr/share/man/man1/ssh-agent.1
/usr/bin/install -c -m 644 ssh-keygen.1.out /usr/share/man/man1/ssh-keygen.1
/usr/bin/install -c -m 644 ssh-keyscan.1.out /usr/share/man/man1/ssh-keyscan.1
/usr/bin/install -c -m 644 moduli.5.out /usr/share/man/man5/moduli.5
/usr/bin/install -c -m 644 sshd_config.5.out /usr/share/man/man5/sshd_config.5
/usr/bin/install -c -m 644 ssh_config.5.out /usr/share/man/man5/ssh_config.5
/usr/bin/install -c -m 644 sshd.8.out /usr/share/man/man8/sshd.8
/usr/bin/install -c -m 644 sftp.1.out /usr/share/man/man1/sftp.1
/usr/bin/install -c -m 644 sftp-server.8.out /usr/share/man/man8/sftp-server.8
/usr/bin/install -c -m 644 ssh-keysign.8.out /usr/share/man/man8/ssh-keysign.8
/usr/bin/install -c -m 644 ssh-pkcs11-helper.8.out /usr/share/man/man8/ssh-pkcs11-helper.8
/usr/bin/mkdir -p /etc/ssh
ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
/usr/sbin/sshd -t -f /etc/ssh/sshd_config
[root@incloudos openssh-8.0p1]#
安装完成,执行配置。注意上面 make install 因为 /etc/ssh 被删掉了,重新生成了一套主机密钥,其他机器再 ssh 过来会报主机密钥变化的告警;如果想保持原来的主机身份,可以把 /root/ssh 里备份的 ssh_host_* 密钥拷回 /etc/ssh。
#cp ./contrib/redhat/sshd.init /etc/init.d/sshd
#chkconfig --add sshd
#chkconfig sshd on
#chkconfig --list|grep sshd
[root@incloudos openssh-8.0p1]# chkconfig --list|grep sshd
Note: This output shows SysV services only and does not include native
systemd services. SysV configuration data might be overridden by native
systemd configuration.
If you want to list systemd services use 'systemctl list-unit-files'.
To see services enabled on particular target use
'systemctl list-dependencies [target]'.
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@incloudos openssh-8.0p1]#
#ssh -V
[root@incloudos openssh-8.0p1]# ssh -V
OpenSSH_8.0p1, OpenSSL 1.0.2s 28 May 2019
#sed -i "32 aPermitRootLogin yes" /etc/ssh/sshd_config
(OpenSSH 8.0 默认是 PermitRootLogin prohibit-password,只允许 root 用密钥登录;如果不需要 root 用密码登录,这一步可以不做)
#service sshd restart
[root@incloudos openssh-8.0p1]# sed -i "32 aPermitRootLogin yes" /etc/ssh/sshd_config
[root@incloudos openssh-8.0p1]#
[root@incloudos openssh-8.0p1]# service sshd restart
Restarting sshd (via systemctl): [ OK ]
[root@incloudos openssh-8.0p1]#
升级完成。
从其他服务器ssh登录升级的服务器,登录成功!
注意:不要轻易卸载zlib软件
#chkconfig telnet off
[root@incloudos openssh-8.0p1]# chkconfig telnet off
Note: Forwarding request to 'systemctl disable telnet.socket'.
Removed symlink /etc/systemd/system/sockets.target.wants/telnet.socket.
还原/etc/securetty:
#vim /etc/securetty
删除之前追加的pts/0
和pts/1
还原selinux的config文件
#vim /etc/selinux/config
原来是什么值就还原什么值:
SELINUX=disabled (enforcing、permissive和disabled)
还原iptables状态
原来开启的话,就再开启
#systemctl start iptables
#systemctl restart xinetd
or
#/etc/init.d/xinetd restart
rpm -e telnet-server
[root@incloudos openssh-8.0p1]# rpm -e telnet-server
[root@incloudos openssh-8.0p1]#
[root@incloudos openssh-8.0p1]# rpm -qa | grep telnet
telnet-0.17-64.el7.x86_64
vim /etc/services
用另一台机器再次telnet,应当连接失败(说明telnet这条通道已经关掉了)
[root@k8s1 telnet]# telnet 100.2.29.123
Trying 100.2.29.123...
telnet: connect to address 100.2.29.123: No route to host