默认情况下, linux 不允许 root 用户以 telnet 方式登录 linux 主机, 若要允许 root 用户登录, 可采取以下 3 种方法之一:
1, 修改 login 文件
redhat 中对于远程登录的限制体现在 / etc/pam.d/login 文件中, 如果把限制的内容注销掉, 那么限制将不起作用.
#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth include system-auth
#account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session include system-auth
session required pam_loginuid.so
session optional pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open
session optional pam_keyinit.so force revoke
~
2, 移除 securetty 文件
验证规则设置在 / etc/security 文件中, 该文件定义 root 用户只能在 tty1-tty6 的终端上记录, 删除该文件或者将其改名即可避开验证规则实现 root 用户远程登录.
[root@rhel ~]# mv /etc/securetty /etc/securetty.bak
3, 修改 securetty 文件
[root@rhel ~]# vim /etc/securetty
console
vc/1
....
....
vc/10
tty1
....
tty11
pts/1
pts/2
....
....
....
pts/11
一般不建议此方法
来源: http://www.bubuko.com/infodetail-2484139.html