前言:
此时看官们对“卸载telnet服务”大致比较注意,同学们都需要分析一些“卸载telnet服务”的相关资讯。那么小编也在网摘上汇集了一些有关“卸载telnet服务””的相关文章,希望大家能喜欢,看官们快快来了解一下吧!openssh下载链接:
1.备份原来的pam.d下的sshd文件
mv /etc/pam.d/sshd /etc/pam.d/sshd-bak && ls -l /etc/pam.d/sshd* && cp -r /etc/ssh /etc/ssh-bak
当备份pam.d下的sshd文件时,发现该路径下没有此文件,可以从其他服务器拷贝一个过来,或是执行vi /etc/pam.d/sshd,输入如下内容
cat <<EOF> /etc/pam.d/sshd#%PAM-1.0auth substack password-authauth include postloginaccount required pam_sepermit.soaccount required pam_nologin.soaccount include password-authpassword include password-auth# pam_selinux.so close should be the first session rulesession required pam_selinux.so closesession required pam_loginuid.so# pam_selinux.so open should only be followed by sessions to be executed in the user contextsession required pam_selinux.so open env_paramssession required pam_namespace.sosession optional pam_keyinit.so force revokesession optional pam_motd.sosession include password-authsession include postloginEOF
2.解决依赖关系
Linux7.x
yum -y install wget gcc zlib-devel openssl-devel pam-devel libselinux-devel tar net-tools telnet \telnet-server xinetd make cmake
Linux8.x
dnf -y install wget gcc zlib-devel openssl-devel pam-devel libselinux-devel tar net-tools telnet \telnet-server xinetd make cmake
Linux9.x
dnf -y install wget gcc zlib-devel openssl-devel pam-devel libselinux-devel tar net-tools telnet \telnet-server make cmake
3.设置telnet开机启动,是为了防止在卸载旧版ssh的时候出现中断后无法连接服务器
Linux9.x系统,需要下载一个Linux7.0或Linux8.x的xinetd文件安装
wget && \dnf -y localinstall xinetd-2.3.15-25.el8.x86_64.rpm
修改xientd配置文件
touch /etc/xinetd.d/telnet && \cat <<EOF> /etc/xinetd.d/telnetservice telnet{ flags = REUSE socket_type = stream wait = no user = root server = /usr/sbin/in.telnetd log_on_failure += USERID disable = no}EOF
加入开机自启并启动telnet服务
systemctl daemon-reload && systemctl enable xinetd && systemctl start xinetd
4.卸载原来的openssh
rpm -e --nodeps `rpm -qa | grep openssh`
5.解决在编译的时候提示权限过高
chmod 600 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key
6.下载并解压最新的openssh
cd /tmp && wget && \tar xf openssh-9.7p1.tar.gz && \cd openssh-9.7p1 && \./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam \--with-tcp-wrappers --with-ssl-dir=/usr/local/ssl --with-zlib=/usr/local/zlib \--without-hardening && make && make install
7.复制配置文件并设置允许root用户远程登录
Linux7.x 或 Linux8.x添加如下内容
#Linux7.x 或 Linux8.x添加如下内容cd /tmp/openssh-9.7p1 && \cp -a contrib/redhat/sshd.init /etc/init.d/sshd && \cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam && \chown -R root.root /etc/init.d/sshd && \chmod u+x /etc/init.d/sshd
Linux9.x系统添加如下内容
cat <<EOF>/usr/lib/systemd/system/sshd.service[Unit]Description=OpenSSH server daemonAfter=network.target[Service]Type=forckingEnvironmentFile=-/etc/sysconfig/sshdExecStart=/usr/sbin/sshd -D $OPTIONSExecStop=/bin/kill-s QUIT $MAINPIDExecReload=/usr/bin/kill -HUP $MAINPIDKillMode=processRestart=on-failureRestartSec=42s[Install]WantedBy=multi-user.targetEOF
8.修改配置文件/etc/ssh/sshd_config
#1.修改#PermitRootLogin prohibit-password项,去掉注释#并把prohibit-password改为yes,修改后即为PermitRootLogin yes#2.去掉注释#PasswordAuthentication yes变为PasswordAuthentication yessed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config && \sed -i "s/#PasswordAuthentication yes/PasswordAuthentication yes/g" /etc/ssh/sshd_config
9.添加添加自启服务ssh到开机启动项
Linux7.x或Linux8.x
chkconfig --add sshd && chkconfig sshd on
Linux9.x
systemctl daemon-reload && systemctl enable sshd && systemctl restart sshd
10.验证结果
ssh -V
如果重启发现sshd无法启动,如下图所示
解决:
是因为selinux开启的原因,只要将selinux关闭,重启下即可
#临时关闭setenforce 0#永久关闭需要修改/etc/selinux/config文件,将SELINUX=enforcing或者SELINUX=permissive修改为如下SELINUX=disabledsystemctl restart sshd
在linux9.x环境下,记得一定要把selinux关闭,不然,输入用户名后会被一直提示密码错误
11.重启服务器
reboot
12.卸载telnet
dnf -y remove telnet telnet-server xinetd
标签: #卸载telnet服务