
disabling telnet, rlogin... etc....


spyghost

Technical User
Jan 17, 2003
52
HK
hi,

i have implemented ssh on my remote logins to my solaris. i have already disabled those unneeded remote access services such as telnet, rlogin, etc... as well as ftp.

now how can i create a prompt such that if telnet <system> is used, i would be able to see some message saying... "Telnet to this machine is disabled... exiting..."
or if ftp <system> is used, the user would see something like "FTP is not allowed in this machine"

how can i do that?

???
 
Presumably if telnet and ftp are disabled, the connection would fail anyway, therefore any message wouldn't be necessary or even possible?
 
Presumably they were disabled by just commenting out or removing the /etc/services entries and restarting or sending a HUP signal to inetd?

I don't particularly know why you need these messages since they can't get in anyway. But you could do the following:

1) Write a little C-program that just prints out your message:
#include <stdio.h>

/* inetd hands the accepted socket to us as stdin/stdout, so a plain printf
   sends the message to the remote client; exiting closes the connection. */
int main(void) {
    printf("This service has been disabled on this machine\n");
    return 0;
}

2) Change the /etc/inetd.conf entry for the service to point to your C program binary. For example for telnet it probably was this:
telnet stream tcp6 nowait root /usr/sbin/in.telnetd in.telnetd
change it to this:
telnet stream tcp6 nowait root /usr/local/bin/foo foo
(assuming your program is called "/usr/local/bin/foo")

3) Re-enable the /etc/services entries

4) kill -HUP `ps -ef | grep inetd | grep -v grep | awk '{print $2}'`
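The following script is an added example and not code posted in this thread. It carries out step 2 of the procedure above on a copy of inetd.conf, but points the service at the banner program as an unprivileged user rather than root, and adds a small audit function that lists which services are still handled as root. The banner path /usr/local/bin/denied, the user "nobody" and the inetd.conf contents are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): rewrite the inetd.conf entry for a disabled
# service so that inetd answers each connection with a banner program running as an
# unprivileged user instead of root. The banner path /usr/local/bin/denied and the
# user "nobody" are assumptions; the inetd.conf contents below are constructed.

# Constructed sample inetd.conf: telnet and ftp still handed to their daemons as root.
sample_inetd_conf() {
    cat <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp6    nowait  root    /usr/sbin/in.ftpd       in.ftpd -l
telnet  stream  tcp6    nowait  root    /usr/sbin/in.telnetd    in.telnetd
finger  stream  tcp6    nowait  nobody  /usr/sbin/in.fingerd    in.fingerd
EOF
}

# point_service_at_banner FILE SERVICE USER BANNER
# Prints FILE with the SERVICE line rewritten so that fields 5-7 (user, server
# path, argv[0]) run BANNER as USER. Comments and other services pass through.
point_service_at_banner() {
    awk -v svc="$2" -v user="$3" -v banner="$4" '
        /^#/ || NF < 6 { print; next }
        $1 == svc {
            base = banner; sub(/.*\//, "", base)
            printf "%s\t%s\t%s\t%s\t%s\t%s\t%s\n", $1, $2, $3, $4, user, banner, base
            next
        }
        { print }
    ' "$1"
}

# root_services FILE: names of services whose handler still runs as root,
# the audit check behind the "program would be run as root" warning below.
root_services() {
    awk '!/^#/ && NF >= 6 && $5 == "root" { print $1 }' "$1"
}

# Demonstration on a temporary copy; never touches the real /etc/inetd.conf.
demo_rewrite() {
    tmp="${TMPDIR:-/tmp}/inetd.sample.$$"
    sample_inetd_conf > "$tmp"
    point_service_at_banner "$tmp" telnet nobody /usr/local/bin/denied > "$tmp.new"
    echo "services still running as root: $(root_services "$tmp.new" | tr '\n' ' ')"
    cat "$tmp.new"
    rm -f "$tmp" "$tmp.new"
}

demo_rewrite
```

Running it prints the rewritten table with telnet now served by /usr/local/bin/denied as nobody, while ftp is still listed by root_services because this example only rewrites the one service it is asked for. The script does nothing about the connection-rate and memory concerns raised in the next reply; those still need a per-service connection limit in inetd or a packet filter in front of the port.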
 
The only problem with creating your own program and binding it to the applicable disabled ports is that you may be vulnerable to exploits.

How much memory would each instance of your program use if it was called? What if a hacker called it 10 times? What if a hacker called it 1000 times? Do you have a restriction on how many connections the port will allow (See xinetd and/or ipfilter)?

In Wonboodoo's example, the program would be run as root. This isn't a good idea for many reasons. If you do decide to pursue this, consider using a user with no real access.

Don't get me wrong. I've done exactly what Wonboodoo has suggested (as a different user and using IPv4 though) and it worked for me. Just be aware that there may be other issues that come up.

Good luck!
 