Upgrading OpenSSH to 8.3p1 on CentOS 7
Founder
2025-05-29 15:35:59

1. Install the telnet service

yum install xinetd telnet-server -y

2. Configure telnet

2.1 Check whether the file /etc/xinetd.d/telnet exists; if it does not, skip this step:

> cat /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
#   unencrypted username/password pairs for authentication.
service telnet
{
    disable         = no
    flags           = REUSE
    socket_type     = stream
    wait            = no
    user            = root
    server          = /usr/sbin/in.telnetd
    log_on_failure  += USERID
}

Edit the file and change disable to yes to allow root login:

> vi /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
#   unencrypted username/password pairs for authentication.
service telnet
{
    disable         = yes
    flags           = REUSE
    socket_type     = stream
    wait            = no
    user            = root
    server          = /usr/sbin/in.telnetd
    log_on_failure  += USERID
}

2.2 Configure the terminal types allowed for telnet logins by appending some pts terminals to the end of /etc/securetty:

...
pts/0
pts/1
pts/2
pts/3

2.3 Start the telnet service and enable it at boot:

systemctl enable xinetd
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl start xinetd

2.4 The remaining steps can be carried out from a telnet session.

3. Install OpenSSH 8.3

Install the dependency packages:

yum install gcc gcc-c++ openssl-devel autoconf automake zlib zlib-devel pcre-devel pam-devel rpm-build pam-devel -y

Download the OpenSSH tarball, then build and install it:

wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.3p1.tar.gz
tar -zxvf openssh-8.3p1.tar.gz
cd openssh-8.3p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords --with-tcp-wrappers --with-ssl-dir=/usr/local/openssl
make && make install

Set /etc/ssh/sshd_config as follows:

Port 22
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
PermitRootLogin yes
AuthorizedKeysFile      .ssh/authorized_keys
PasswordAuthentication yes
PidFile /var/run/sshd.pid
Subsystem       sftp    /usr/libexec/sftp-server
UsePam yes

Copy the init script and enable sshd at boot:

cp -a contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
chkconfig sshd on
systemctl restart sshd

If you cannot log in afterwards, the PAM sshd file may be missing or have incorrect contents; check /etc/pam.d/sshd and edit it to read as follows:

#%PAM-1.0
auth	   required	pam_sepermit.so
auth       substack     password-auth
auth       include      postlogin
# Used with polkit to reauthorize users in remote sessions
-auth      optional     pam_reauthorize.so prepare
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    include      password-auth
session    include      postlogin
# Used with polkit to reauthorize users in remote sessions
-session   optional     pam_reauthorize.so prepare

Check the OpenSSH version:

> ssh -V
OpenSSH_8.3p1, OpenSSL 1.0.2k-fips  26 Jan 2017
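
The checks below cover the failure modes this procedure can hit before sshd is restarted: a listed HostKey file that is missing, UsePAM enabled while /etc/pam.d/sshd is absent or has no auth rule, and the root password login that the sshd_config above leaves enabled. This is an added example, not part of the original post; the function names sshd_values, sshd_effective and preflight are hypothetical, and the parser assumes whitespace-separated, unquoted values in the global section (before any Match block).

```sh
#!/bin/sh
# Added example: pre-restart checks for the sshd_config in this post.
# Function names are hypothetical; values are assumed unquoted.

# Print every value of keyword $1 found in config $2 before the first Match
# block. sshd keywords are case-insensitive, so "UsePam" matches "UsePAM".
sshd_values() {
    awk -v k="$(printf %s "$1" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == k { print $2 }' "$2"
}

# For single-valued keywords sshd keeps the first occurrence.
sshd_effective() { sshd_values "$1" "$2" | head -n 1; }

# $1 = sshd_config, $2 = PAM service file. Prints one line per finding and
# returns non-zero if any FAIL line was reported.
preflight() {
    cfg=$1; pam=$2; bad=0
    [ -r "$cfg" ] || { echo "FAIL: cannot read $cfg"; return 1; }
    # Every HostKey path listed in the config must exist and be non-empty.
    for key in $(sshd_values HostKey "$cfg"); do
        [ -s "$key" ] || { echo "FAIL: host key missing: $key"; bad=1; }
    done
    # UsePAM yes needs a PAM service file with at least one auth rule.
    if [ "$(sshd_effective UsePAM "$cfg")" = yes ]; then
        grep -Eq '^-?auth[[:space:]]' "$pam" 2>/dev/null ||
            { echo "FAIL: UsePAM yes but no auth rule in $pam"; bad=1; }
    fi
    # Report the exposure left on by PermitRootLogin + PasswordAuthentication.
    [ "$(sshd_effective PermitRootLogin "$cfg")" = yes ] &&
        [ "$(sshd_effective PasswordAuthentication "$cfg")" = yes ] &&
        echo "WARN: root can log in with a password"
    return "$bad"
}
```

Run `preflight /etc/ssh/sshd_config /etc/pam.d/sshd` from the telnet session before `systemctl restart sshd`.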
