topic Re: telnetd in Operating System - HP-UX

telnetd

Brett Penza — Wed, 22 Aug 2001 14:24:42 GMT

In looking at a "ps -ef", I am noticing a lot of processes with "telnetd" and root user. Is this something I should be concerned about.? What is the telnetd doing?

Re: telnetd

Edward Alfert_2 — Wed, 22 Aug 2001 14:34:13 GMT

those are all the users that are telneted into your server right now. Each connection has a unique connection.

when you do "ps -ef" and get a list like the following:
root 11456 17500 0 Aug 20 pts/tU 0:00 telnetd
root 1836 17500 0 07:01:17 pts/td 0:00 telnetd
root 24377 17500 0 05:25:53 pts/ta 0:00 telnetd
root 3592 17500 0 07:18:09 pts/ti 0:00 telnetd
root 9298 17500 0 08:13:03 pts/tI 0:00 telnetd
root 17409 17500 0 09:21:45 pts/t7 0:00 telnetd

you can then do:
who -u | grep pts/t7
and find out which user is using that specific connection.

the "root" in the list does not mean that a user logged in as root with that connection.

Re: telnetd

Tim Krego_1 — Wed, 22 Aug 2001 14:35:46 GMT

How are you connected to the machine? Are you on the local console?

Re: telnetd

Christopher McCray_1 — Wed, 22 Aug 2001 14:37:28 GMT

You can also use the last | more command to see who is still logged in and tail the /var/adm/sulog as well

Re: telnetd

Christopher McCray_1 — Wed, 22 Aug 2001 14:56:54 GMT

just as an add-in, the process telnetd is a subdaemon spawned by the superdaemon inetd every time a telnet session is established. The same goes for other daemons such as ftpd. To get the comprehensive list of processes controlled by inetd, look at inetd man pages.

Have a good day
Chris

Re: telnetd

Victor_5 — Wed, 22 Aug 2001 15:53:49 GMT

Hi Brett:

telnetd is a daemon servicing for telnet using the tcp protocol. In my system, many users are using telnet to access the unix box from their own PC which running on NT platform. That is why we see so many telnetd when do ps, my system has already run in this manner for long time, I don't think you need concern anything in this situation.

Re: telnetd

Enno Baars — Thu, 23 Aug 2001 15:27:29 GMT

There's just one thing missing in the answers so far:

If you care about the security of your system the answer is _yes_, you _should_ be concerned!

Obivously many users are connecting to your machine using telnet.
Now telnet has the bad habit of transmitting the password unencrypted when logging in - just as any data being transmitted while the connection is up. If someone can sniff the packets between the two machines he/she can easily get access to any account...

You should look into the SSH Suite - you'll get encrypted transmission etc. I'd recommend the OpenSource Version OpenSSH.

Checkout http://www.openssh.com/

Cheers,
Enno