CentOS6.0安装telnet-server启用telnet服务
一步到位
fp="/etc/yum.repos.d" ; cp -a ${fp} ${fp}.$(date +%0y%0m%0d%0H%0M%0S).bkup
echo '[base]
name=CentOS-$releasever - Base
baseurl=http://mirrors.163.com/centos-vault/6.0/os/$basearch/
http://mirrors.aliyun.com/centos-vault/6.0/os/$basearch/
http://mirrors.huaweicloud.com/centos-vault/6.0/os/$basearch/
http://mirrors.cloud.tencent.com/centos-vault/6.0/os/$basearch/
http://archive.kernel.org/centos-vault/6.0/os/$basearch/
http://linuxsoft.cern.ch/centos-vault/6.0/os/$basearch/
http://mirrors.tuna.tsinghua.edu.cn/centos-vault/6.0/os/$basearch/
http://mirrors.ustc.edu.cn/centos-vault/6.0/os/$basearch/
http://mirrors.cqupt.edu.cn/centos-vault/6.0/os/$basearch/
http://mirrors.zju.edu.cn/centos-vault/6.0/os/$basearch/
http://mirror.nyist.edu.cn/centos-vault/6.0/os/$basearch/
http://mirrors.pku.edu.cn/centos-vault/6.0/os/$basearch/
http://mirror.nsc.liu.se/centos-store/6.0/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
[updates]
name=CentOS-$releasever - Updates
baseurl=http://mirrors.163.com/centos-vault/6.0/updates/$basearch/
http://mirrors.aliyun.com/centos-vault/6.0/updates/$basearch/
http://mirrors.huaweicloud.com/centos-vault/6.0/updates/$basearch/
http://mirrors.cloud.tencent.com/centos-vault/6.0/updates/$basearch/
http://archive.kernel.org/centos-vault/6.0/updates/$basearch/
http://linuxsoft.cern.ch/centos-vault/6.0/updates/$basearch/
http://mirrors.tuna.tsinghua.edu.cn/centos-vault/6.0/updates/$basearch/
http://mirrors.ustc.edu.cn/centos-vault/6.0/updates/$basearch/
http://mirrors.cqupt.edu.cn/centos-vault/6.0/updates/$basearch/
http://mirrors.zju.edu.cn/centos-vault/6.0/updates/$basearch/
http://mirror.nyist.edu.cn/centos-vault/6.0/updates/$basearch/
http://mirrors.pku.edu.cn/centos-vault/6.0/updates/$basearch/
http://mirror.nsc.liu.se/centos-store/6.0/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
[extras]
name=CentOS-$releasever - Extras
baseurl=http://mirrors.163.com/centos-vault/6.0/extras/$basearch/
http://mirrors.aliyun.com/centos-vault/6.0/extras/$basearch/
http://mirrors.huaweicloud.com/centos-vault/6.0/extras/$basearch/
http://mirrors.cloud.tencent.com/centos-vault/6.0/extras/$basearch/
http://archive.kernel.org/centos-vault/6.0/extras/$basearch/
http://linuxsoft.cern.ch/centos-vault/6.0/extras/$basearch/
http://mirrors.tuna.tsinghua.edu.cn/centos-vault/6.0/extras/$basearch/
http://mirrors.ustc.edu.cn/centos-vault/6.0/extras/$basearch/
http://mirrors.cqupt.edu.cn/centos-vault/6.0/extras/$basearch/
http://mirrors.zju.edu.cn/centos-vault/6.0/extras/$basearch/
http://mirror.nyist.edu.cn/centos-vault/6.0/extras/$basearch/
http://mirrors.pku.edu.cn/centos-vault/6.0/extras/$basearch/
http://mirror.nsc.liu.se/centos-store/6.0/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
[epel-archive]
name=Extra Packages for Enterprise Linux 6 - $basearch
baseurl=http://mirrors.aliyun.com/epel-archive/6/$basearch
http://mirrors.cloud.tencent.com/epel-archive/6/$basearch
http://repo.jing.rocks/fedora-buffet/archive/epel/6/$basearch
http://archives.fedoraproject.org/pub/archive/epel/6/$basearch
failovermethod=priority
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
' > /etc/yum.repos.d/CentOS-Base.repo
yum clean all ; yum makecache
yum install telnet-server -y
chkconfig telnet on ; cat /etc/xinetd.d/telnet && service xinetd restart
fp=/etc/sysconfig/iptables ; cp -a $fp $fp.$(date +%0y%0m%0d%0H%0M%0Sns%0N).bkup
iptables -I INPUT -p tcp --dport 23 -j ACCEPT
#iptables -I INPUT -p udp --dport 23 -j ACCEPT
/etc/rc.d/init.d/iptables save ### 此iptables非彼iptables
service iptables restart ; service iptables status
fp=/etc/securetty ; cp -a $fp $fp.$(date +%0y%0m%0d%0H%0M%0Sns%0N).bkup
echo -e "\n\n\npts/1\npts/2\npts/3\npts/4\npts/5\npts/6\npts/7\npts/8\npts/9\npts/10\npts/11\npts/12" >> /etc/securetty ; cat /etc/securetty
service xinetd restart
按步骤来
1. 换yum源
备份 /etc/yum.repos.d/ 文件夹
fp="/etc/yum.repos.d" ; cp -a ${fp} ${fp}.$(date +%0y%0m%0d%0H%0M%0S).bkup
修改 /etc/yum.repos.d/CentOS-Base.repo 的内容
vi /etc/yum.repos.d/CentOS-Base.repo
为
[base]
name=CentOS-$releasever - Base
baseurl=http://mirrors.163.com/centos-vault/6.0/os/$basearch/
http://mirrors.aliyun.com/centos-vault/6.0/os/$basearch/
http://mirrors.huaweicloud.com/centos-vault/6.0/os/$basearch/
http://mirrors.cloud.tencent.com/centos-vault/6.0/os/$basearch/
http://archive.kernel.org/centos-vault/6.0/os/$basearch/
http://linuxsoft.cern.ch/centos-vault/6.0/os/$basearch/
http://mirrors.tuna.tsinghua.edu.cn/centos-vault/6.0/os/$basearch/
http://mirrors.ustc.edu.cn/centos-vault/6.0/os/$basearch/
http://mirrors.cqupt.edu.cn/centos-vault/6.0/os/$basearch/
http://mirrors.zju.edu.cn/centos-vault/6.0/os/$basearch/
http://mirror.nyist.edu.cn/centos-vault/6.0/os/$basearch/
http://mirrors.pku.edu.cn/centos-vault/6.0/os/$basearch/
http://mirror.nsc.liu.se/centos-store/6.0/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
[updates]
name=CentOS-$releasever - Updates
baseurl=http://mirrors.163.com/centos-vault/6.0/updates/$basearch/
http://mirrors.aliyun.com/centos-vault/6.0/updates/$basearch/
http://mirrors.huaweicloud.com/centos-vault/6.0/updates/$basearch/
http://mirrors.cloud.tencent.com/centos-vault/6.0/updates/$basearch/
http://archive.kernel.org/centos-vault/6.0/updates/$basearch/
http://linuxsoft.cern.ch/centos-vault/6.0/updates/$basearch/
http://mirrors.tuna.tsinghua.edu.cn/centos-vault/6.0/updates/$basearch/
http://mirrors.ustc.edu.cn/centos-vault/6.0/updates/$basearch/
http://mirrors.cqupt.edu.cn/centos-vault/6.0/updates/$basearch/
http://mirrors.zju.edu.cn/centos-vault/6.0/updates/$basearch/
http://mirror.nyist.edu.cn/centos-vault/6.0/updates/$basearch/
http://mirrors.pku.edu.cn/centos-vault/6.0/updates/$basearch/
http://mirror.nsc.liu.se/centos-store/6.0/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
[extras]
name=CentOS-$releasever - Extras
baseurl=http://mirrors.163.com/centos-vault/6.0/extras/$basearch/
http://mirrors.aliyun.com/centos-vault/6.0/extras/$basearch/
http://mirrors.huaweicloud.com/centos-vault/6.0/extras/$basearch/
http://mirrors.cloud.tencent.com/centos-vault/6.0/extras/$basearch/
http://archive.kernel.org/centos-vault/6.0/extras/$basearch/
http://linuxsoft.cern.ch/centos-vault/6.0/extras/$basearch/
http://mirrors.tuna.tsinghua.edu.cn/centos-vault/6.0/extras/$basearch/
http://mirrors.ustc.edu.cn/centos-vault/6.0/extras/$basearch/
http://mirrors.cqupt.edu.cn/centos-vault/6.0/extras/$basearch/
http://mirrors.zju.edu.cn/centos-vault/6.0/extras/$basearch/
http://mirror.nyist.edu.cn/centos-vault/6.0/extras/$basearch/
http://mirrors.pku.edu.cn/centos-vault/6.0/extras/$basearch/
http://mirror.nsc.liu.se/centos-store/6.0/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
[epel-archive]
name=Extra Packages for Enterprise Linux 6 - $basearch
baseurl=http://mirrors.aliyun.com/epel-archive/6/$basearch
http://mirrors.cloud.tencent.com/epel-archive/6/$basearch
http://repo.jing.rocks/fedora-buffet/archive/epel/6/$basearch
http://archives.fedoraproject.org/pub/archive/epel/6/$basearch
failovermethod=priority
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
重建yum缓存
yum clean all ; yum makecache
2. 安装 telnet-server ,启用telnet服务
- 安装 telnet-server
yum install telnet-server -y
启用telnet服务
- 启用服务
cat /etc/xinetd.d/telnet 原版
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = yes
}
方法1: 用编辑器修改, 比如vi
vi /etc/xinetd.d/telnet
方法2:
查看效果
sed -e '/disable/s|yes|no|ig' /etc/xinetd.d/telnet
将更改应用到文件,并查看
sed -ie '/disable/s|yes|no|ig' /etc/xinetd.d/telnet ; cat /etc/xinetd.d/telnet
方法3
发现用 chkconfig telnet on 和 chkconfig telnet off 也能达到相同效果
chkconfig telnet off ; cat /etc/xinetd.d/telnet
chkconfig telnet on ; cat /etc/xinetd.d/telnet
重启 xinetd服务
service xinetd restart
3. 关闭防火墙,或开放端口23
– 关闭防火墙
chkconfig iptables off ; service iptables stop
– 开放23端口
备份 /etc/sysconfig/iptables
fp=/etc/sysconfig/iptables ; cp -a $fp $fp.$(date +%0y%0m%0d%0H%0M%0Sns%0N).bkup
查看 /etc/sysconfig/iptables
cat /etc/sysconfig/iptables
新装的内容为
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
方法1: 直接修改文件为
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
注意,规则必须添加在 “-A INPUT -j REJECT --reject-with icmp-host-prohibited” 这一句之前 , 所以,如果用命令添加的话,要用-I插入,不要用-A追加
方法2: 用 iptables添加规则 , 再用 iptables-save 输出添加规则到文件
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT
iptables-save ### 查看规则 , iptables-save完全没有保存作用,只有查看作用
iptables-save > /etc/sysconfig/iptables ### 将iptables-save合成输出的新规则保存到文件
经测试,下面👇这种写法不行
iptables -A INPUT -p tcp --dport 23 -j ACCEPT
iptables -A INPUT -p udp --dport 23 -j ACCEPT
上面👆这种方法不行,原因是, -A是追加, -I是插入, 必须用-I, 因为规则必须写在 “-A INPUT -j REJECT --reject-with icmp-host-prohibited” 这一句之前
方法3: 用 iptables添加规则 , 再用 /etc/rc.d/init.d/iptables save 保存规则 , 此iptables非彼iptables
iptables -I INPUT -p tcp --dport 23 -j ACCEPT
iptables -I INPUT -p udp --dport 23 -j ACCEPT
/etc/rc.d/init.d/iptables save ### 此iptables非彼iptables
重启并查看 iptables 服务
service iptables restart ; service iptables status
在VirtualBox7.0.18环境下,的仅主机模式,有时只能关闭iptables才能连通
4. 让telnet允许虚拟终端登录
在已安装telnet的Windows的控制台输入 telnet ip 发现登录不了
查看目标机日志less /var/log/secure 有
pam_securetty(remote:auth): access denied: tty ‘pts/1’ is not secure !
这样的内容, 所以向 /etc/securetty 添加 pst/1
cat /etc/securetty 原版为
console
vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
vc/7
vc/8
vc/9
vc/10
vc/11
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11
备份 cat /etc/securetty
fp=/etc/securetty ; cp -a $fp $fp.$(date +%0y%0m%0d%0H%0M%0Sns%0N).bkup
添加 pts/1 …到 pts/12 , 并查看
echo -e "\n\n\npts/1\npts/2\npts/3\npts/4\npts/5\npts/6\npts/7\npts/8\npts/9\npts/10\npts/11\npts/12" >> /etc/securetty ; cat /etc/securetty
console
vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
vc/7
vc/8
vc/9
vc/10
vc/11
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11
pts/1
pts/2
pts/3
pts/4
pts/5
pts/6
pts/7
pts/8
pts/9
pts/10
pts/11
pts/12
重启 xinetd
service xinetd restart
一气呵成
fp="/etc/yum.repos.d" ; cp -a ${fp} ${fp}.$(date +%0y%0m%0d%0H%0M%0S).bkup
echo '[base]
name=CentOS-$releasever - Base
baseurl=http://mirrors.163.com/centos-vault/6.0/os/$basearch/
http://mirrors.aliyun.com/centos-vault/6.0/os/$basearch/
http://mirrors.huaweicloud.com/centos-vault/6.0/os/$basearch/
http://mirrors.cloud.tencent.com/centos-vault/6.0/os/$basearch/
http://archive.kernel.org/centos-vault/6.0/os/$basearch/
http://linuxsoft.cern.ch/centos-vault/6.0/os/$basearch/
http://mirrors.tuna.tsinghua.edu.cn/centos-vault/6.0/os/$basearch/
http://mirrors.ustc.edu.cn/centos-vault/6.0/os/$basearch/
http://mirrors.cqupt.edu.cn/centos-vault/6.0/os/$basearch/
http://mirrors.zju.edu.cn/centos-vault/6.0/os/$basearch/
http://mirror.nyist.edu.cn/centos-vault/6.0/os/$basearch/
http://mirrors.pku.edu.cn/centos-vault/6.0/os/$basearch/
http://mirror.nsc.liu.se/centos-store/6.0/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
[updates]
name=CentOS-$releasever - Updates
baseurl=http://mirrors.163.com/centos-vault/6.0/updates/$basearch/
http://mirrors.aliyun.com/centos-vault/6.0/updates/$basearch/
http://mirrors.huaweicloud.com/centos-vault/6.0/updates/$basearch/
http://mirrors.cloud.tencent.com/centos-vault/6.0/updates/$basearch/
http://archive.kernel.org/centos-vault/6.0/updates/$basearch/
http://linuxsoft.cern.ch/centos-vault/6.0/updates/$basearch/
http://mirrors.tuna.tsinghua.edu.cn/centos-vault/6.0/updates/$basearch/
http://mirrors.ustc.edu.cn/centos-vault/6.0/updates/$basearch/
http://mirrors.cqupt.edu.cn/centos-vault/6.0/updates/$basearch/
http://mirrors.zju.edu.cn/centos-vault/6.0/updates/$basearch/
http://mirror.nyist.edu.cn/centos-vault/6.0/updates/$basearch/
http://mirrors.pku.edu.cn/centos-vault/6.0/updates/$basearch/
http://mirror.nsc.liu.se/centos-store/6.0/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
[extras]
name=CentOS-$releasever - Extras
baseurl=http://mirrors.163.com/centos-vault/6.0/extras/$basearch/
http://mirrors.aliyun.com/centos-vault/6.0/extras/$basearch/
http://mirrors.huaweicloud.com/centos-vault/6.0/extras/$basearch/
http://mirrors.cloud.tencent.com/centos-vault/6.0/extras/$basearch/
http://archive.kernel.org/centos-vault/6.0/extras/$basearch/
http://linuxsoft.cern.ch/centos-vault/6.0/extras/$basearch/
http://mirrors.tuna.tsinghua.edu.cn/centos-vault/6.0/extras/$basearch/
http://mirrors.ustc.edu.cn/centos-vault/6.0/extras/$basearch/
http://mirrors.cqupt.edu.cn/centos-vault/6.0/extras/$basearch/
http://mirrors.zju.edu.cn/centos-vault/6.0/extras/$basearch/
http://mirror.nyist.edu.cn/centos-vault/6.0/extras/$basearch/
http://mirrors.pku.edu.cn/centos-vault/6.0/extras/$basearch/
http://mirror.nsc.liu.se/centos-store/6.0/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
[epel-archive]
name=Extra Packages for Enterprise Linux 6 - $basearch
baseurl=http://mirrors.aliyun.com/epel-archive/6/$basearch
http://mirrors.cloud.tencent.com/epel-archive/6/$basearch
http://repo.jing.rocks/fedora-buffet/archive/epel/6/$basearch
http://archives.fedoraproject.org/pub/archive/epel/6/$basearch
failovermethod=priority
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
' > /etc/yum.repos.d/CentOS-Base.repo
yum clean all ; yum makecache
yum install telnet-server -y
chkconfig telnet on ; cat /etc/xinetd.d/telnet && service xinetd restart
fp=/etc/sysconfig/iptables ; cp -a $fp $fp.$(date +%0y%0m%0d%0H%0M%0Sns%0N).bkup
iptables -I INPUT -p tcp --dport 23 -j ACCEPT
#iptables -I INPUT -p udp --dport 23 -j ACCEPT
/etc/rc.d/init.d/iptables save ### 此iptables非彼iptables
service iptables restart ; service iptables status
fp=/etc/securetty ; cp -a $fp $fp.$(date +%0y%0m%0d%0H%0M%0Sns%0N).bkup
echo -e "\n\n\npts/1\npts/2\npts/3\npts/4\npts/5\npts/6\npts/7\npts/8\npts/9\npts/10\npts/11\npts/12" >> /etc/securetty ; cat /etc/securetty
service xinetd restart
windows 安装telnet
"win键+r"运行 optionalfeatures 打开 “启用或关闭 Windows 功能”
optionalfeatures
勾选 “Telnet 客户端” 选项 [确定]
在cmd控制台就能使用 telnet 命令了
telnet 目标ip地址
A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 是什么意思
A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
这条命令是用于配置Linux系统的iptables防火墙规则的,具体地,它定义了一个规则来允许进入的(incoming)TCP连接,这些连接的目标端口(destination port)是22号端口,也就是SSH服务的默认端口。下面是对这条命令的详细解释:
-
-A INPUT:这个部分表示向INPUT链(chain)追加(Append)一条规则。INPUT链是iptables中用于处理进入本机的数据包的一个链。 -
-p tcp:指定这条规则仅适用于TCP协议的数据包。 -
-m state --state NEW:这个部分使用了state模块来匹配数据包的状态。--state NEW表示只匹配那些新建立的连接的数据包。这是因为SSH连接首先会建立一个TCP连接,而这条规则就是用来允许这个新连接的。 -
-m tcp --dport 22:这里再次使用了tcp模块(虽然-p tcp已经指定了协议,但-m tcp允许你进一步指定TCP相关的匹配条件),--dport 22表示只匹配目标端口(destination port)为22的数据包。SSH服务默认监听22端口,因此这个条件用于允许SSH连接的进入。 -
-j ACCEPT:最后,-j指定了当数据包匹配这条规则时应该采取的动作。ACCEPT表示接受这个数据包,即允许它进入本机。
综上所述,这条iptables规则的意思是:“对于所有新建立的、目标端口为22的TCP连接,允许它们进入本机。” 这通常用于允许SSH连接,因为SSH服务默认监听22端口。
