Re: telnet access

 
subhashni
Regular Advisor

telnet access

I would like to know how to restrict telnet access to a particular server (planning on allowing logins through ssh only).
Thanks in advance.
unix4me
7 REPLIES 7
Sridhar Bhaskarla
Honored Contributor

Re: telnet access

Hi,

You will need to use /var/adm/inetd.sec file. Examples are given in that file. If you want to allow access to only one server like 20.20.20.20 then add the following line
telnet allow 20.20.20.20

and if you want to allow all the servers in 20.20.10 subnet plus 20.20.20.20, modify it as

telnet allow 20.20.20.20 20.20.10

Refresh inetd after the changes.

inetd -c

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Joy Orton
Occasional Advisor

Re: telnet access

To totally remove the telnet service, comment out the following line in /etc/inetd.conf:
#telnet stream tcp nowait root /usr/lbin/telnetd telnetd
and then HUP the server: inetd -c

I also like reassigning the telnet service to a different port in /etc/services.
Like 666
telnet 666/tcp
and "inetd -c"
to access "telnet servername 666"
Mel Burslan
Honored Contributor

Re: telnet access

The surefire way of doing this is what Sri explained above. In digest form:

vi /var/adm/inetd.sec
... edit line starting with telnet
... if you do not have such a line create one
... add allowed ip addresses to this line
... save & exit

/usr/sbin/inetd -k
/usr/sbin/inetd -l (if you don't want logging enabled, drop -l option)

I do not trust "inetd -c" to re-read the conf files. Kill and restart is better, in my opinion.
________________________________
UNIX because I majored in cryptology...
Sean OB_1
Honored Contributor

Re: telnet access

To completely remove it simply remove the telnet line from inetd.conf and then stop and restart inetd as shown in the above post.

This is my recommendation. Do not allow telnet, unless you absolutely have to.

The next option is the one Sri outlines: restrict access via telnet from specific IP addresses or ranges. This is an OK solution, but is not as good as completely removing telnet.

Sean
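
An added example, not part of any post in this thread: a small POSIX sh audit that reads an inetd.conf and an inetd.sec and reports which of the states discussed above the telnet service is in (disabled, restricted by an allow list, or open). The function names and the sample files are constructed for illustration; the telnet lines in them are the ones quoted in the posts, and "open" here only means there is no inetd.sec rule for telnet.

```shell
#!/bin/sh
# Added example (not from the thread): audit telnet exposure on disk.

# Print the active (uncommented) telnet line of an inetd.conf, if any.
active_telnet_line() {
    awk '$1 == "telnet" { print; exit }' "$1"
}

# Print "allow <hosts>" or "deny <hosts>" from the telnet entry of an inetd.sec.
telnet_sec_rule() {
    [ -r "$1" ] || return 0          # no inetd.sec at all: no rule
    awk '$1 == "telnet" && ($2 == "allow" || $2 == "deny") {
             $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Classify: disabled | restricted to: <hosts> | denied for: <hosts> | open
telnet_exposure() {
    conf=$1 sec=$2
    if [ -z "$(active_telnet_line "$conf")" ]; then
        echo "disabled"              # line removed or commented out
        return 0
    fi
    rule=$(telnet_sec_rule "$sec")
    case $rule in
        allow\ *) echo "restricted to: ${rule#allow }" ;;
        deny\ *)  echo "denied for: ${rule#deny }" ;;
        *)        echo "open" ;;     # enabled, no inetd.sec rule for telnet
    esac
}

# Constructed sample files for a stand-alone run.
demo=$(mktemp -d)
echo 'telnet stream tcp nowait root /usr/lbin/telnetd telnetd' > "$demo/inetd.conf"
printf '%s\n' '# service allow|deny hosts' \
    'telnet allow 20.20.20.20 20.20.10' > "$demo/inetd.sec"
telnet_exposure "$demo/inetd.conf" "$demo/inetd.sec"
# Same server after commenting the line out, as suggested for full removal.
sed 's/^telnet/#telnet/' "$demo/inetd.conf" > "$demo/inetd.conf.off"
telnet_exposure "$demo/inetd.conf.off" "$demo/inetd.sec"
rm -rf "$demo"
```

The script only inspects the files; inetd still has to be refreshed or restarted as described in the posts before a change takes effect.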
subhashni
Regular Advisor

Re: telnet access

Thanks for all of your sugg*. Thanks.

Here is a question which is not related to this post. But please help, I need your advice.
On a server, everything in /etc/services and /etc/inetd.conf looks good for in.telnetd. But in.telnetd is not running. Is there any way to enable this, or does only a reboot help?
Thanks in advance.
unix4me
Michael Tully
Honored Contributor

Re: telnet access

If you're talking about the 'telnet' daemon (telnetd): telnet requests listen on port 23, and when a request is made and is successful, a telnetd will spawn for each granted session, using the inetd daemon as its master.

If the telnet entry is commented out in /etc/inetd.conf, it can be reinstated by uncommenting the line and running 'inetd -c'.
Anyone for a Mutiny ?
Muthukumar_5
Honored Contributor

Re: telnet access

Hi,

If you want to restrict telnet access fully, then uncomment the service in inetd.conf, or to give specific access on telnet, use the tcpwrapper application.

If you are planning for secure telnetd with in.telnetd, then we have to configure pam.conf to support that authentication.

Edit the pam.conf file for the UNIX authentication, account management, session management, and password management modules.

Check the UNIX in.telnetd(1M) man page to learn more about authentication with in.telnetd.

http://bama.ua.edu/cgi-bin/man-cgi?in.telnetd+1M

Regards,
Muthukumar.
Easy to suggest when don't know about the problem!