
Howdy SuSE folks,

I have a security question for you. My gateway is currently serving telnet to the outside world. Now only two people out of the local-net actually have access. I would like to kill the telnet daemon on that machine, and (if poss) use SSH instead. The gateway will go from being also a public access machine to JUST a gateway, and any connections received on port 23 will be forwarded to a machine inside the network which is not publicly routable. One might say that is closing one security hole and opening another, but the machine inside the local net will have more security, and plus I can sever it from the network without taking the rest of the network out.

Thanks for your help!

ps. I didn't get the cd-rom&soundcard to work, so invested in a $39.95 40x cd-rom drive instead. :) Thanks to everyone that responded though, it was a real comfort!

Best Wishes,
Lee Smallbone

Howdy SuSE folks,
I have a security question for you. My gateway is currently serving telnet to the outside world. Now only two people out of the local-net actually have access. I would like to kill the telnet daemon on that machine, and (if poss) use SSH instead.
Was your question "How to turn off Telnet?". If so, go to /etc/inetd.conf. Comment out (put a # in front of) telnet. Save the file.

Then pull a process list and get the pid for inetd:

    ps aux | grep inetd

Then restart inetd:

    kill -HUP (process number)

M

Hello Mr. M,

Tuesday, July 27, 1999, 6:35:31 AM, you wrote:

MM> Was your question "How to turn off Telnet?". If so, go to /etc/inetd.conf.
MM> Comment out (put a # in front of) telnet. Save the file.
MM> Then pull a process list and get the pid for inetd:
MM> ps aux | grep inetd
MM> Then restart inetd:
MM> kill -HUP (process number)

Thank you for the info! Worked perfectly. :) You wouldn't happen to know if the port that telnet runs on can be changed do you? Say, move it from 23 to 9876?

Best regards,
Lee
mailto:firewall@ecad.org

Thank you for the info! Worked perfectly. :) You wouldn't happen to know if the port that telnet runs on can be changed do you? Say, move it from 23 to 9876?
Best regards, Lee mailto:firewall@ecad.org
No, you can't do that.

My advice is to ditch Telnet altogether. Use SSH (Secure Shell). It encrypts everything and is secure. You can get it here for free.

ftp://ftp.cs.hut.fi/pub/ssh

Actually, you can indeed change the port that telnet uses. Look at /etc/inetd.conf. Comment out this line:

    telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd

And replace it with:

    9876 stream tcp nowait root /usr/sbin/tcpd in.telnetd

You can test it out on any Unix/Linux/*BSD computer with:

    telnet your-host-name 9876

I also recommend secure shell, but I know that not everybody has access to the secure-shell clients. Moreover, some countries (France, Iraq, and North Korea; possibly others) prohibit the possession of encryption technology within their borders without special government licenses, so secure-shell might be a bad choice there.

--Steve Augart

"Mr. M" wrote:
Thank you for the info! Worked perfectly. :) You wouldn't happen to know if the port that telnet runs on can be changed do you? Say, move it from 23 to 9876?
Best regards, Lee mailto:firewall@ecad.org
No, you can't do that.
My advice is to ditch Telnet altogether. Use SSH (Secure Shell). It encrypts everything and is secure. You can get it here for free.
ftp://ftp.cs.hut.fi/pub/ssh
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-linux-e-unsubscribe@suse.com For additional commands, e-mail: suse-linux-e-help@suse.com
-- Steven Augart <swa@ISI.EDU> Globus project, USC Information Sciences Institute; http://www.globus.org

Are you asking all these questions in #linux on EFNet as well? As iNnOvAtE? If not, there is somebody on there right now asking all the same questions you are :)

flea

At 08:12 PM 7/27/99 +0100, Lee Smallbone wrote:
Hello Mr. M,
Tuesday, July 27, 1999, 6:35:31 AM, you wrote:
MM> Was your question "How to turn off Telnet?". If so, go to /etc/inetd.conf.
MM> Comment out (put a # in front of) telnet. Save the file.
MM> Then pull a process list and get the pid for inetd:
MM> ps aux | grep inetd
MM> Then restart inetd:
MM> kill -HUP (process number)
Thank you for the info! Worked perfectly. :) You wouldn't happen to know if the port that telnet runs on can be changed do you? Say, move it from 23 to 9876?
Best regards, Lee mailto:firewall@ecad.org

On Tue, 27 Jul 1999, Lee Smallbone wrote:
Thank you for the info! Worked perfectly. :) You wouldn't happen to know if the port that telnet runs on can be changed do you? Say, move it from 23 to 9876?
You can do that. Edit /etc/services file. Replace 23 with the port number you prefer (make sure that it doesn't clash with any other ports already assigned to any other process).

udheer
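
An added example, not written by any poster in this thread: a small audit that finds live telnetd entries in an inetd.conf by the server program they run rather than by the service name or port in the first field, so an entry moved to 9876 is still reported, and that emits a copy with those entries commented out. The function names and the sample file are constructed for illustration; the field layout assumed is service, socket type, protocol, wait flag, user, server program, arguments.

```shell
#!/bin/sh
# Added example: audit inetd.conf for entries that still start telnetd.

# scan MODE FILE  (MODE is "list" or "disable"; hypothetical helper)
scan() {
    awk -v mode="$1" '
        # True when the server program or one of its arguments is telnetd.
        function runs_telnetd(   i) {
            for (i = 6; i <= NF; i++)
                if ($i ~ /(^|\/)(in\.)?telnetd$/) return 1
            return 0
        }
        # Comments, blank lines and malformed short lines pass through.
        /^[ \t]*#/ || NF < 6 { if (mode == "disable") print; next }
        runs_telnetd() {
            if (mode == "list") printf "%d: %s\n", NR, $0
            else print "#" $0          # comment the entry out
            next
        }
        mode == "disable" { print }
    ' "$2"
}

# Report "line-number: entry" for each active telnetd entry.
find_telnetd()    { scan list "$1"; }
# Print the file with every active telnetd entry commented out.
disable_telnetd() { scan disable "$1"; }

# Constructed sample: telnet already commented out on its usual name,
# but re-enabled under a bare port number as suggested in the thread.
sample_inetd_conf() {
    cat <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd
#telnet stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
9876    stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
EOF
}

# Demonstration on the constructed sample only; no system file is touched.
conf=$(mktemp)
sample_inetd_conf > "$conf"
find_telnetd "$conf"
disable_telnetd "$conf"
rm -f "$conf"
```

After installing an edited file, inetd still has to re-read it with the `kill -HUP` step given earlier in the thread.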
participants (5)
- firewall@ecad.org
- flea@exo.com
- mistrM@gtemail.net
- sudheer@easi.soft.net
- swa@ISI.EDU