Disabling telnet
Thread: Disabling telnet

  1. #1
    Junior Member
    Join Date
    Dec 2001
    Posts
    3

    Disabling telnet

    Hi guys, I've just installed SuSE Linux 7.1 on my machine, which is networked, and a friend of mine told me that I should disable telnet and use ssh instead, but the question is how? Can anybody help me?


  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    132
    First: Under Suse Linux I don't have the exact steps to take, but you need to disable telnetd and enable sshd. Also, you'll want to head over to somewhere like rootshell.com (are they still around? The page was down all today.) or ... the Suse site, and grab the latest SSH daemon. There were problems with buffer overflows in prior versions.

    Second: Is this a good idea? Yes. But why? The idea behind this is quite simple: under telnet, a user logs in, then puts in their password ... IN PLAINTEXT! (en clair). So - over a network with a card in promiscuous mode ... you see where this is going. Under ssh, this goes down the wire encrypted (MD5, CAST (I think), PKI, etc, etc). AND you can get a windows client for it!

    So - as far as I see it, it's a win-win situation. I wanted to give some background so that you're not just groping around in the dark blindly.

    Let me know if this helps.



    ~N~

  3. #3
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    Nietzsche is correct on this one. SSH is the only way to go as far as communication on the internet through telnet-related traffic. Telnet, rsync, rsh, rcp, and others are plaintext over the net so it's nothing for a sniffer to grab passwords, user accounts, etc...

    Telnet runs on port 23 while sshd runs on port 22. Your client has to support ssh so other than telnetting to port 22 just to see if it works, it's not going to secure correctly and won't work. As for shutting down telnet, if SuSe is like unix, you do the following:

    1: edit /etc/inetd.conf and comment (# at the beginning) out the lines that have telnet listed.

    2: edit /etc/services and do the same thing.

    3: restart inetd (ps -ef | grep '[i]netd' | awk '{ print $2 }' | xargs kill -HUP)

    If there's a graphical "setup" that SuSe uses, like linuxconf for RH, go through there and disable telnet.
    When you start up sshd, it'll automatically connect to port 22 and you're open for business, outside of putting it in as a service in /etc/services and /etc/inetd.conf and adding a startup script (which should come with your version) so that it starts up at boot time.
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.
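
Added example (not part of Vorlin's post or the thread): a shell version of step 1 above that comments out active telnet entries in an inetd.conf-style file, keeps a backup, and checks that none remain. The function names `telnet_active`, `disable_telnet` and `make_sample` and the sample file contents are constructed for illustration; the script leaves /etc/services alone, since that file only maps service names to port numbers.

```shell
#!/bin/sh
# Added example: comment out active telnet entries in an inetd.conf-style file.
# telnet_active, disable_telnet and make_sample are hypothetical helper names.

# Print the number of uncommented lines whose service field is "telnet".
telnet_active() {
    awk '$1 == "telnet" { n++ } END { print n + 0 }' "$1"
}

# Comment out active telnet lines in file $1, keeping a backup in $1.bak.
disable_telnet() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    cp -p "$conf" "$conf.bak" || return 1
    tmp=$(mktemp) || return 1
    # Only lines whose first field is exactly "telnet" are touched;
    # already-commented lines and other services pass through unchanged.
    awk '$1 == "telnet" { print "#" $0; next } { print }' "$conf" > "$tmp" ||
        { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$conf"   # overwrite in place to keep owner and mode
    rm -f "$tmp"
    [ "$(telnet_active "$conf")" -eq 0 ]
}

# Constructed sample input (not taken from the thread).
make_sample() {
    cat > "$1" <<'EOF'
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
# telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd -h
EOF
}

# Demo on a temporary copy, never on the live /etc/inetd.conf.
sample=$(mktemp)
make_sample "$sample"
echo "active telnet entries before: $(telnet_active "$sample")"
disable_telnet "$sample" && echo "active telnet entries after: $(telnet_active "$sample")"
rm -f "$sample" "$sample.bak"
```

When run against the real /etc/inetd.conf, inetd still needs the HUP from step 3 before it re-reads the file.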

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    132

    Thanks - and something a little beyond scope ...

    Nietzsche is correct on this one. SSH is the only way to go as far as communication on the internet through telnet related traffic.
    Thanks for the implicit vote of confidence. Here's something, though ... I'm running an ip-only version of IOS on a router back here. I don't think it has an ssh daemon on it. I have a newer ipsec56 (read: vpn) IOS version which I have not really played with too much. Would anyone happen to know off the top of their head of an IOS build that *can* support an ssh daemon so that I don't have to either telnet or vpn into the router? If anyone's interested, I am running IOS 12.1(6). Sure, I *could* head to Cisco and read docs, but I'm burnt out from a full day of flying.

    Thanks again -
    ~N~

  5. #5
    Senior Member
    Join Date
    Jan 2002
    Posts
    132
    BTW, Vorlin - very nice post.

  6. #6
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164

    Re: Thanks - and something a little beyond scope ...

    Originally posted by nietzsche

    Would anyone happen to know off the top of their head of an IOS build that *can* support an ssh daemon so that I don't have to either telnet or vpn into the router?
    You're welcome for the vote of confidence. I'd rather give someone else credit for their posts rather than just look like I copied/pasted their stuff and reworded it.

    As for IOS 12.1 version supporting SSH, version 12.05 supported it so I'm fairly certain yours can too. I found some info here in concern with ssh vulnerabilities, as well as some info here in concern with IOS information (version 12.05). Hope this helps some as I just found it with google (if that's not the best search engine...).

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Posts
    742

    Re: Disabling telnet

    Originally posted by stem
    Hi guys, I've just installed SuSE Linux 7.1 on my machine, which is networked, and a friend of mine told me that I should disable telnet and use ssh instead, but the question is how? Can anybody help me?
    From a shell (or a terminal) start zast or yast (SuSE configuration tool).

    1. Start the package tool (in SuSE 7.3 named "package management").
    2. Go to change or create configuration.
    3. Go to "sec" security related software.
    4. Add package OpenSSH.
    5. Press F10 to save.
    6. Press F10 to save (again).
    7. Go to Start installation.

    8. After installation press Esc until the package manager starts to update your configuration, then exit YaST.

    Originally posted by Vorlin
    1: edit /etc/inetd.conf and comment (# at the beginning) out the lines that have telnet listed.
    2: edit /etc/services and do the same thing.
    Restart the server so that all keys automatically will be created for you (easiest way).

    Hope this will help..
