topic Re: telnet access in Operating System - HP-UX

telnet access

subhashni — Tue, 06 Jul 2004 15:24:08 GMT

I like to know how to restrict telnet access to particular server(planning on allowing logins through ssh only).
Thanks in advance.

Re: telnet access

Sridhar Bhaskarla — Tue, 06 Jul 2004 15:32:21 GMT

Hi,

You will need to use /var/adm/inetd.sec file. Examples are given in that file. If you want to allow access to only one server like 20.20.20.20 then add the following line
telnet allow 20.20.20.20

and if you want to allow all the servers in 20.20.10 subnet plus 20.20.20.20, modify it as

telnet allow 20.20.20.20 20.20.10

Refresh inetd after the changes.

inetd -c

-Sri

Re: telnet access

Joy Orton — Tue, 06 Jul 2004 15:51:06 GMT

to totally remove telnet service Comment the following line in /etc/inetd.conf
#telnet stream tcp nowait root /usr/lbin/telnetd telnetd
and then HUP the server inetd -c

I also like reassigning the telnet service to a different port in etc services.
Like 666
telnet 666/tcp
and "inetd -c"
to access "telnet servername 666"

Re: telnet access

Mel Burslan — Tue, 06 Jul 2004 15:58:39 GMT

surefire way of doing this is what Sri explained above. In digest form :

vi /var/adm/inetd.sec
... edit line starting with telnet
... if you do not have such a line create one
... add allowed ip addresses to this line
... save & exit

/usr/sbin/inetd -k
/usr/sbin/inetd -l (if you don't want logging enabled, drop -l option)

I do not trust "inetd -c" to re-read the conf files. kill and restart is better in my opinion

Re: telnet access

Sean OB_1 — Tue, 06 Jul 2004 16:49:56 GMT

To completely remove it simply remove the telnet line from inetd.conf and then stop and restart inetd as shown in the above post.

This is my recommendation. Do not allow telnet, unless you absolutely have to.

The next option is to Sri outlines, and restrict access via telnet from specific IP addresses or ranges. This is an ok solution, but is not as good as completely removing telnet.

Sean

Re: telnet access

subhashni — Tue, 06 Jul 2004 17:20:27 GMT

Thanks for all of your sugg* .Thanks.

Here is a question which is not related to this post. But pls help, i need your advice.
In a server /etc/services,/etc/inetd.conf everything look good for in.telnetd.But in.telnetd is not running.Is there anyway to enable this or only reboot helps.
Thanks in advance.

Re: telnet access

Michael Tully — Tue, 06 Jul 2004 17:32:15 GMT

If your talking about the 'telnet' daemon (telnetd). telnet requests listen on port 23 and when the request is made, and is successful a telnetd will spawn for each granted session using inetd daemon as it's master.

If the telnet entry is commented out in /etc/inetd.conf it can be reinstated by uncommenting the line and running 'inetd -c'

Re: telnet access

Muthukumar_5 — Tue, 06 Jul 2004 23:00:38 GMT

Hai,

If you want to restrict the telnet access fully,then uncomment the service in inetd.conf or to give the specific access on telnet use tcpwrapper application.

If you are planning for secure telnetd with in.telnetd then, we have to configure the pam.conf to support that authentication.

Edit the pam.conf file for UNIX authentication, account management, session
management, and password management modules.

Check the unix in.telnetd+1M man page to more about the authentication with in.telnetd.

http://bama.ua.edu/cgi-bin/man-cgi?in.telnetd+1M

Regards,
Muthukumar.