Operating System - HP-UX
Paul Mezzanini
Advisor

telnetd disablement period

While I'm posting my questions I'll throw this one out to you gurus.

I'm in the process of disabling telnetd on my boxes in favor of ssh(d). For this transitional period I would like it so that if a user tries to telnet to a box it will echo back a reply and then disconnect.

I just want to tell the users that telnet service is no longer available and they will need to ssh in (and they can get it from bla bla bla bla)

I thought I could change inetd.conf's telnet line to point to echo "message goes here" or to a shell script that does the same thing. It just dumps the connect without any echos.

There has got to be an easy way to do this, I just don't know how :)

thx
-paul
Wilfred Chau_1
Respected Contributor

Re: telnetd disablement period

In your inetd.conf file add the -b option as follow to display a message:

telnet stream tcp nowait root /usr/lbin/telnetd telnetd -b /etc/yourmessage

where /etc/yourmessage is a banner file.

Sridhar Bhaskarla
Honored Contributor

Re: telnetd disablement period

Hi Paul,

Yes there is.

One way I can think of is to edit /etc/profile and keep a small script like this somewhere
in the file.

clear
cat << EOF

Telnet has been disabled... Use ssh
with the following procedure..
bla..bla..bla...

Good bye..

EOF

sleep 5
exit

This will display the message, wait for 5 secs and then disconnect the telnet session.


Do the same thing on /etc/csh.login for csh shell users.

-Sri


You may be disappointed if you fail, but you are doomed if you don't try
Uday_S_Ankolekar
Honored Contributor

Re: telnetd disablement period

Hi,
You can use either file (/etc/issue or /etc/motd).

Use the vi editor to open /etc/inetd.conf and change the lines below:

ftp stream tcp nowait root /usr/lbin/ftpd
telnet stream tcp nowait root /usr/lbin/telnetd telnetd -b /etc/motd

-USA..
Good Luck..
Sanjay_6
Honored Contributor

Re: telnetd disablement period

Hi Paul,

I'm not so sure that you can configure something like that. You can configure a telnet banner that will be displayed whenever a user does a telnet to the system. Here is the link on how to set the telnet banner,

http://us-support.external.hp.com/cki/bin/doc.pl/sid=2af75ab812ba0e21a0/screen=ckiDisplayDocument?docId=200000049635465

Now if you disable telnet login, this banner will not be displayed and so it will not solve your problem. You can use the /etc/inetd.sec to disable the telnet login. You can disable the telnet login from a single IP or multiple IPs or from all IPs. Here is a link on how to set the same,

http://us-support.external.hp.com/cki/bin/doc.pl/sid=d3100b3b145b392a25/screen=ckiDisplayDocument?docId=200000047669302

I can't say that this will display the banner if a telnet session is started from the ip address in the denied list. You'll have to give it a try.

Hope this helps.

Regds
Paula J Frazer-Campbell
Honored Contributor

Re: telnetd disablement period

Hi Paul

Set up a no-telnet dir.
create a .profile with a message.
Now using etc
sleep x seconds
exit

Set this as the default login dir in passwd.

Quick and clean.

Paula
If you can spell SysAdmin then you is one - anon
Paul Mezzanini
Advisor

Re: telnetd disablement period

Man you guys reply fast... Let me see if I can knock some replies off before you post more :)

Wilfred and Uday:

That isn't quite what I had in mind. I want to display the message then disconnect the user. That would display the message then let them continue on with the session. This may need to be the route I've got to take anyway, but I would rather not.


Sridhar:

Wouldn't that also disable ssh connects and perhaps even console logins? I can never remember which logins call which files.

Paula:

I'm not really sure I know what you mean. Are you saying I should change everyone's homedir to a no-telnet one?

-paul
Paula J Frazer-Campbell
Honored Contributor

Re: telnetd disablement period

Hi Paul

Yes on the home dirs if that is suitable.

The other option is the banner file or motd.

If you wish to keep home dirs then their own .profile could look for the connection type by chasing down their pid and if telnet is involved then warn them and force an exit.

Paula
If you can spell SysAdmin then you is one - anon
Paul Mezzanini
Advisor

Re: telnetd disablement period

Paula:

I can't change the homedirs. Many people have a hard enough time with `cd` :)

I know that if I use the banner option people just won't read it, and then when I finally totally disable it my phone won't stop ringing.

Well, I guess I'll just make sure I'm out of range that day :)

-paul
Jeff Machols
Esteemed Contributor

Re: telnetd disablement period

you could do something like this:

in /etc/profile

TEL_COUNT=`ps | grep telnetd | wc -l` # count telnetd entries among this terminal's processes; this shows whether the parent of the shell is telnetd
trap '' 1 2 3 15 # ignore HUP, INT, QUIT and TERM so the user cannot break out of the message into a shell
if [ $TEL_COUNT -eq 1 ]
then
echo "Need to use SSH"
sleep 5
exit
fi
Paul Mezzanini
Advisor

Re: telnetd disablement period

Jeff:

Lemme fire up my c240 test box and see if that works.

It still isn't as graceful as I would hope, but it's pretty damn close :)

-paul
Jeff Machols
Esteemed Contributor
Solution

Re: telnetd disablement period

oops, I had a typo

should be

COUNT=`ps | grep telnetd | wc -l`

I agree, it's not graceful, there's got to be a better way but I can't get one to work
Paul Mezzanini
Advisor

Re: telnetd disablement period

Jeff:

Just gotta do some tweaking of the message and spaces and then it's all set.

I don't even think I will bother with the banner file... I will make what profile spews out be descriptive enough.

Thanks
-paul
Sridhar Bhaskarla
Honored Contributor

Re: telnetd disablement period

How dumb I was??..

OK. You can modify the script, as basically an ssh session won't make use of telnetd.

TTY=`tty|sed 's/\/dev\///'` # terminal name of this login without the /dev/ prefix
ps -ef|grep telnetd |grep $TTY |grep -v grep # is a telnetd attached to this terminal?
if [ $? = 0 ]
then clear
cat << EOF
Access is restricted to only telnet...
EOF
sleep 5
read # wait for the user to press Enter before the session is closed
exit
fi
See if this helps.

-Sri

You may be disappointed if you fail, but you are doomed if you don't try
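The two profile snippets in this thread (Jeff's telnetd count and Sridhar's tty match) both grep the whole process table, which can misfire if any telnetd happens to be listed. The following is an added example, not code from this thread or from HP: it walks the shell's parent chain with ps and only disconnects when telnetd is an actual ancestor, so ssh and console logins are untouched. It assumes a POSIX `ps -o pid,ppid,comm`; on HP-UX that output format requires the UNIX95 environment variable to be set for the call, which the function does. The sample listing is constructed so the walker can be exercised offline.

```shell
#!/bin/sh
# Added example (not from the thread): disconnect only sessions that descend
# from telnetd, by walking PPIDs instead of grepping for "telnetd" anywhere.

# Constructed sample of `ps -e -o pid= -o ppid= -o comm=` output (not real):
# a telnet login (pid 989) and an ssh login (pid 1202) on the same host.
SAMPLE_PS='    1     0 init
  412     1 inetd
  987   412 telnetd
  988   987 login
  989   988 sh
 1200     1 sshd
 1201  1200 sshd
 1202  1201 sh'

# has_ancestor LISTING PID NAME
# Walk upward from PID through LISTING (pid ppid comm lines); return 0 if
# PID or any ancestor runs command NAME, 1 otherwise (or if PID is unknown).
has_ancestor() {
    listing=$1 pid=$2 name=$3
    while [ "$pid" -gt 1 ]; do
        # fetch "ppid comm" for the current pid
        line=$(printf '%s\n' "$listing" | awk -v p="$pid" '$1 == p { print $2, $3; exit }')
        [ -n "$line" ] || return 1
        set -- $line
        [ "$2" = "$name" ] && return 0
        pid=$1
    done
    return 1
}

# session_is_telnet: same walk against the live process table for this shell.
# UNIX95 is set for the one call so HP-UX ps accepts the -o format (harmless elsewhere).
session_is_telnet() {
    has_ancestor "$(UNIX95=1 ps -e -o pid= -o ppid= -o comm=)" "$$" telnetd
}

# retire_telnet_session: the piece to call from /etc/profile and /etc/csh.login
# equivalents. Signals are ignored so Ctrl-C cannot drop the user into a shell.
retire_telnet_session() {
    session_is_telnet || return 0
    trap '' 1 2 3 15
    cat <<'EOF'

Telnet access to this host has been retired. Please reconnect with ssh.

EOF
    sleep 5
    exit
}

# Only act for interactive logins; sourcing this from a script does nothing.
case $- in
    *i*) retire_telnet_session ;;
esac
```

Because the check is anchored on the shell's own ancestry, a telnet session to a box that also has ssh users logged in is still recognised correctly, and an ssh user is never disconnected just because some telnetd process exists.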