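CentOS 7 telnet explained in detail
The telnet command
The telnet command is used to log in to a remote host and manage it. Because telnet sends its traffic in plaintext, it is not secure; many Linux servers no longer offer a telnet service and use the more secure ssh instead. Many other systems may still provide remote login over telnet, however, so it is still worth understanding how to use the telnet client.
Syntax
Options
Arguments
- Remote host: the remote host to log in to and manage;
- Port: the port number used by the TELNET protocol.
Examples
A minimal CentOS install does not include the telnet service by default; you have to install it yourself (root privileges):
Error: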
- [[email protected] log]# telnet 192.168.10.56 27017
- -bash: telnet: command not found
1: Check the system version information (centos7):
- [[email protected] log]# cat /etc/issue
- \S
- Kernel \r on an \m
2: Check whether telnet is installed:
- [[email protected] log]# rpm -qa | grep telnet
- [[email protected] log]#
3: Install it, both the client and the server:
- [[email protected] xinetd.d]# yum -y install telnet
- Loaded plugins: fastestmirror
- Loading mirror speeds from cached hostfile
- ……………………
- Verifying : 1:telnet-0.17-59.el7.x86_64 1/1
- Installed:
- telnet.x86_64 1:0.17-59.el7
- Complete!
- [[email protected] xinetd.d]# yum -y install telnet-server
- Loaded plugins: fastestmirror
- Loading mirror speeds from cached hostfile
- ……………………
- Verifying : 1:telnet-server-0.17-59.el7.x86_64 1/1
- Installed:
- telnet-server.x86_64 1:0.17-59.el7
- Complete!
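Note: the telnet-server service depends on the xinetd service to start. xinetd is a super-server that manages and protects the individual services; if it is not installed, it must be installed first.
xinetd: eXtended InterNET services daemon, a super Internet server commonly used to manage a variety of lightweight Internet services.
4: Check whether xinetd is installed (if it is, skip the installation):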
- [[email protected] ~]# rpm -qa | grep xinetd
- [[email protected] ~]#
5: Install the xinetd service:
- [[email protected] init.d]# yum -y install xinetd
- Loaded plugins: fastestmirror
- base | 3.6 kB 00:00:00
- ……………………
- Verifying : 2:xinetd-2.3.15-12.el7.x86_64 1/1
- Installed:
- xinetd.x86_64 2:2.3.15-12.el7
- Complete!
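xinetd installation complete!
6: After the telnet service is installed, it is not enabled by default; edit the file /etc/xinetd.d/telnet to enable it:
Note: if the file exists, edit it; if this is the first change and the file does not exist, create it yourself with vim:
Change disable = yes to disable = no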
- [[email protected] xinetd.d]# pwd
- /etc/xinetd.d
- [[email protected] xinetd.d]# ls
- chargen-dgram chargen-stream daytime-dgram daytime-stream discard-dgram discard-stream echo-dgram echo-stream tcpmux-server time-dgram time-stream
- [[email protected] xinetd.d]# vim telnet
- [[email protected] xinetd.d]# cat telnet
The modified telnet file is:
- # default: yes
- # description: The telnet server serves telnet sessions; it uses \
- # unencrypted username/password pairs for authentication.
- service telnet
- {
- flags = REUSE
- socket_type = stream
- wait = no
- user = root
- server = /usr/sbin/in.telnetd
- log_on_failure += USERID
- disable = no
- }
7: Verify after installation:
- [[email protected] xinetd.d]# rpm -qa | grep telnet
- telnet-0.17-59.el7.x86_64
- telnet-server-0.17-59.el7.x86_64
- [[email protected] xinetd.d]# rpm -qa | grep xinetd
- xinetd-2.3.15-12.el7.x86_64
8: Start telnet and the xinetd service it depends on:
Before centos7:
- $ service xinetd restart
- or $ /etc/rc.d/init.d/xinetd restart
In centos7 (there is no service init entry for xinetd):
- [[email protected] xinetd.d]# service xinetd restart
- Redirecting to /bin/systemctl restart xinetd.service
- [[email protected] xinetd.d]# systemctl restart xinetd.service
or
- [[email protected] xinetd.d]# /bin/systemctl restart xinetd.service
9: Check that it has started:
- [[email protected] xinetd.d]# ps -ef | grep xinetd
- root 6641 1 0 23:22 ? 00:00:00 /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
- root 6644 5817 0 23:24 pts/3 00:00:00 grep --color=auto xinetd
10: Test telnet: enter the IP, then the username and password to log in; for login problems see the notes appendix:
- [[email protected] pam.d]# telnet 192.168.10.56
- Trying 192.168.10.56...
- Connected to 192.168.10.56.
- Escape character is '^]'.
- Kernel 3.10.0-229.el7.x86_64 on an x86_64
- CentOS-Slave1 login: root
- Password:
- Last failed login: Sat Oct 17 23:25:50 CST 2015 from CentOS-Slave1 on pts/0
- There were 3 failed login attempts since the last successful login.
- Last login: Sat Oct 17 22:22:27 from CentOS-Slave1
- [[email protected] ~]# exit
- logout
- Connection closed by foreign host.
11: Set the service to start at boot:
- [[email protected] rc3.d]# chkconfig --level 35 xinetd on
- Note: Forwarding request to 'systemctl enable xinetd.service'.
- [[email protected] rc3.d]# systemctl enable xinetd.service
12: Check:
- [[email protected] rc3.d]# chkconfig --list
- Note: This output shows SysV services only and does not include native
- systemd services. SysV configuration data might be overridden by native
- systemd configuration.
- If you want to list systemd services use 'systemctl list-unit-files'.
- To see services enabled on particular target use
- 'systemctl list-dependencies [target]'.
- mysql 0:off 1:off 2:on 3:on 4:on 5:on 6:off
- netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
- network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
- xinetd based services:
- chargen-dgram: off
- chargen-stream: off
- daytime-dgram: off
- daytime-stream: off
- discard-dgram: off
- discard-stream: off
- echo-dgram: off
- echo-stream: off
- tcpmux-server: off
- telnet: on
- time-dgram: off
- time-stream: off
Notes appendix:
Problem 1: when logging in as root over telnet, the password is correct but the prompt always says: Login incorrect
Solution 1: comment out the first line of /etc/pam.d/remote, i.e.: auth required pam_securetty.so
- [[email protected] pam.d]# pwd
- /etc/pam.d
- [[email protected] pam.d]# cat remote
- #%PAM-1.0
- #telnet: allow remote root login
- #auth required pam_securetty.so
- auth substack password-auth
- auth include postlogin
- ………………
Problem 2: when other machines telnet in remotely, the login does not succeed; this may be a firewall problem, so change the firewall settings:
Note: use netstat -tunlp to check whether port 23 is blocked by the firewall:
- [[email protected] pam.d]# netstat -tunlp
- Active Internet connections (only servers)
- Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
- tcp 0 0 0.0.0.0:27017 0.0.0.0:* LISTEN 5891/./mongod
- tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 848/sshd
- tcp6 0 0 :::3306 :::* LISTEN 1997/mysqld
- tcp6 0 0 :::22 :::* LISTEN 848/sshd
- tcp6 0 0 :::23 :::* LISTEN 1/systemd
Then change the settings with iptables, save them with service iptables save, and restart the firewall with service iptables restart:
- iptables -I INPUT -p tcp --dport 23 -j ACCEPT
- iptables -I INPUT -p udp --dport 23 -j ACCEPT
- service iptables save # save
- service iptables restart # restart the firewall
Problem (new):
- [[email protected] rc3.d]# chkconfig --level 35 xinetd on
- Note: Forwarding request to 'systemctl enable xinetd.service'.
- [[email protected] xinetd.d]# service xinetd restart
- Redirecting to /bin/systemctl restart xinetd.service
Solution (new):
The commands still work, but on the new system version they are redirected (Redirecting) or forwarded (Forwarding) to:
service xinetd restart ---> systemctl restart xinetd.service
chkconfig --level 35 xinetd on ---> systemctl enable xinetd.service # the counterpart is disable
Remember: from now on, use this command to control services.
Question 3: after telnet logs in to a host it shows Escape character is '^]':
The prompt means that pressing Ctrl + ] brings up the telnet command line, where telnet commands can be run:
telnet commands:
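- close: close the current connection
- logout: forcibly log out the remote user and close the connection
- display: show the current operating parameters
- mode: try to enter line mode or character mode
- open: connect to a site
- quit: exit telnet
- send: send special characters
- set: set the current operating parameters
- unset: reset the current operating parameters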
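A check for the two settings this walkthrough changes, disable = no in /etc/xinetd.d/telnet and the commented-out pam_securetty.so line in /etc/pam.d/remote, so that a host left in this state can be identified later. This is an added example, not part of the original article; the function names and the sample files it builds are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article): audit the two settings this
# walkthrough changes. Function names and sample files are constructed.

# Print the value of ATTR inside "service SVC { ... }" in an xinetd file.
xinetd_attr() {  # xinetd_attr FILE SVC ATTR
    awk -v svc="$2" -v attr="$3" '
        /^[ \t]*#/      { next }
        $1 == "service" { insvc = ($2 == svc); next }
        $1 == "}"       { insvc = 0; next }
        insvc && $1 == attr {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            print; exit
        }' "$1"
}

# True when FILE defines service telnet without "disable = yes".
# Assumption: xinetd treats a service with no disable line as enabled.
telnet_enabled() {
    grep -Eq '^[[:space:]]*service[[:space:]]+telnet([[:space:]]|$)' "$1" 2>/dev/null || return 1
    [ "$(xinetd_attr "$1" telnet disable)" != "yes" ]
}

# True when FILE still has an uncommented auth line loading pam_securetty.so.
securetty_enforced() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+[^#]*pam_securetty\.so' "$1" 2>/dev/null
}

# Print one finding per line; no output means neither change is in effect.
audit_telnet() {  # audit_telnet XINETD_FILE PAM_FILE
    if telnet_enabled "$1"; then
        echo "telnet enabled (cleartext logins), server runs as user=$(xinetd_attr "$1" telnet user)"
    fi
    if ! securetty_enforced "$2"; then
        echo "pam_securetty not enforced in $2: root login over telnet allowed"
    fi
}

# Constructed sample files mirroring the edited state shown in this article.
demo=$(mktemp -d)
cat > "$demo/telnet" <<'EOF'
service telnet
{
        user            = root
        log_on_failure  += USERID
        disable         = no
}
EOF
printf '#%%PAM-1.0\n#auth required pam_securetty.so\nauth substack password-auth\n' > "$demo/remote"
audit_telnet "$demo/telnet" "$demo/remote"
```

On a real host, call audit_telnet /etc/xinetd.d/telnet /etc/pam.d/remote; both findings disappear once disable = yes is restored and the pam_securetty.so line is uncommented.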