默認情況下,linux不允許root用戶以telnet方式登錄linux主機,若要允許root用戶登錄,可采取以下3種方法之一:
1、修改login文件
redhat中對於遠程登錄的限制體現在/etc/pam.d/login 文件中,如果把限制的內容注銷掉,那么限制將不起作用。
#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth include system-auth
#account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session include system-auth
session required pam_loginuid.so
session optional pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open
session optional pam_keyinit.so force revoke
~
2、移除securetty文件
驗證規則設置在/etc/security文件中,該文件定義root用戶只能在tty1-tty6的終端上記錄,刪除該文件或者將其改名即可避開驗證規則實現root用戶遠程登錄。
[root@rhel ~]# mv /etc/securetty /etc/securetty.bak
3、修改securetty文件
[root@rhel ~]# vim /etc/securetty
console
vc/1
....
....
vc/10
tty1
....
tty11
pts/1
pts/2
....
....
....
pts/11
一般不建議此方法