Protocol: TCP
Standard Port: 23
The telnetd daemon is generally considered insecure for today's hostile network environments. Not only has the daemon been the subject of many exploits, but all traffic between the client and server is unencrypted and visible to packet sniffers, including the login name and password. For these reasons, sshd, the secure shell daemon, is recommended instead of telnet. (We describe a daemontools setup for sshd here.)
There are occasions when a telnet server may still be desired, however. Within a heterogeneous local network, for example, many common desktop operating systems are not supplied with an SSH client as standard equipment, yet they do include a telnet client. For the harried system administrator, then, it may be convenient to enable telnet connections to a server from some other workstations in the building.
telnetd is conventionally run by inetd. It is very easy to convert it to a /service.
First, create the run script directories for the telnetd service:
# mkdir -p /var/svc.d/telnetd/log
Then the daemontools run script for /var/svc.d/telnetd/run:
#!/bin/sh
# telnetd/run
CONLIMIT=19
TELNETD="/usr/libexec/telnetd"
exec 2>&1
echo "*** Starting telnetd service ..."
exec softlimit -m 3500000 \
  tcpserver -vr -l0 \
    -c ${CONLIMIT} \
    -x /etc/tcprules/telnet.cdb \
    0 telnet \
    ${TELNETD}
### that's all, folks!
The $TELNETD variable should be set to invoke the telnetd executable on your particular platform.
Here's the usual run script for the logger in /var/svc.d/telnetd/log/run:
#!/bin/sh
# telnetd/log/run
exec setuidgid multilog multilog t /var/multilog/telnetd
### that's all, folks!
Prepare the log directory in /var/multilog:
# mkdir -p /var/multilog/telnetd
# chown multilog:nofiles /var/multilog/telnetd
Set up whatever tcprules you want for access control in /etc/tcprules/telnet.rules:
# telnet.rules
127.:allow
# our trusted workstations:
192.168.0.13:allow
192.168.0.19:allow
:deny
Then compile the rules:
# (cd /etc/tcprules ; make telnet.cdb)
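To see why the trailing ":deny" line matters, here is a small evaluator of the tcprules address-matching order that tcpserver -x applies (exact IP first, then shorter and shorter dotted prefixes, then the empty default address). It is an added example, not code from the page or from the ucspi-tcp distribution; it covers only IP patterns, not the @user, =host or IP-range forms, and the sample rules are constructed to mirror telnet.rules above.

```python
"""Evaluate tcprules-style IP access rules the way tcpserver -x does."""

# Constructed sample, mirroring /etc/tcprules/telnet.rules from the page.
TELNET_RULES = """\
# telnet.rules
127.:allow
# our trusted workstations:
192.168.0.13:allow
192.168.0.19:allow
:deny
"""


def parse_rules(text):
    """Map each address pattern to its instruction ('allow' or 'deny')."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, _, instruction = line.partition(":")
        # 'allow,FOO="bar"' also sets environment variables; keep the verb only.
        rules[pattern] = instruction.split(",", 1)[0]
    return rules


def lookup_keys(ip):
    """Keys tcpserver tries, most specific first: the exact IP, then each
    shorter dotted prefix (a.b.c., a.b., a.), then the empty default."""
    octets = ip.split(".")
    keys = [ip]
    for n in range(len(octets) - 1, 0, -1):
        keys.append(".".join(octets[:n]) + ".")
    keys.append("")
    return keys


def decide(rules, ip):
    """Return 'allow' or 'deny' for a remote IP. With no matching rule at
    all tcpserver lets the connection through, which is why a rules file
    should end with ':deny'."""
    for key in lookup_keys(ip):
        if key in rules:
            return rules[key]
    return "allow"


if __name__ == "__main__":
    rules = parse_rules(TELNET_RULES)
    for ip in ("127.0.0.1", "192.168.0.13", "192.168.0.20", "10.0.0.5"):
        print(ip, decide(rules, ip))
```

Dropping the ":deny" line from the sample leaves every unlisted address allowed, which is easy to verify by removing it from TELNET_RULES and re-running.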
Link into /service:
# ln -s /var/svc.d/telnetd /service/telnetd
Test the service: see if you can make a telnet connection to localhost from the server itself.
If there's a problem, do the usual troubleshooting: look at the logs, make sure the run scripts are executable, and check that the softlimit parameters are not too tight.
The telnetd service makes a good candidate to consider setting down by default:
# svc -d /service/telnetd
# touch /service/telnetd/down
Now the service will run only when you bring it up manually:
# svc -u /service/telnetd
Shut 'er down when you're done:
# svc -d /service/telnetd
Copyright © 2002, 2003, 2004, Wayne Marshall.
All rights reserved.
Last edit 2004.03.08, wcm.