From owner-freebsd-questions  Mon Dec 17 12:53:56 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from catalyst.sasknow.net (catalyst.sasknow.net [207.195.92.130])
	by hub.freebsd.org (Postfix) with ESMTP id C01D037B41F
	for <freebsd-questions@FreeBSD.ORG>; Mon, 17 Dec 2001 12:53:47 -0800 (PST)
Received: from localhost (ryan@localhost)
	by catalyst.sasknow.net (8.11.6/8.11.6) with ESMTP id fBHKtTu14738;
	Mon, 17 Dec 2001 14:55:29 -0600 (CST)
	(envelope-from ryan@sasknow.com)
X-Authentication-Warning: catalyst.sasknow.net: ryan owned process doing -bs
Date: Mon, 17 Dec 2001 14:55:29 -0600 (CST)
From: Ryan Thompson <ryan@sasknow.com>
X-X-Sender:  <ryan@catalyst.sasknow.net>
To: Rakesh Prajapati <rprajapa@sdf.lonestar.org>
Cc: <freebsd-questions@FreeBSD.ORG>
Subject: Re: How to allow ssh only remotely (and deny telnet remotely)
In-Reply-To: <Pine.NEB.4.33.0112172016500.28968-100000@sdf.lonestar.org>
Message-ID: <20011217145125.J14608-100000@catalyst.sasknow.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Rakesh Prajapati wrote to freebsd-questions@FreeBSD.ORG:

> Hi ,
>
> Now that ssh is a secure way of logging in , how to deny telnet
> access to the system remotely.
>
> As ssh uses port 22 and telnet uses port 23 , do I just need to
> disable port 23.

This ought to be a FAQ. (Maybe it is already).

You need to disable the telnet service. Some (but not all) services
are specified in the config file /etc/inetd.conf

Edit /etc/inetd.conf with your favorite text editor and look for the
following lines:

telnet	stream	tcp	nowait	root	/usr/libexec/telnetd	telnetd
telnet	stream	tcp6	nowait	root	/usr/libexec/telnetd	telnetd


Then comment those lines, like this:

#telnet	stream	tcp	nowait	root	/usr/libexec/telnetd	telnetd
#telnet	stream	tcp6	nowait	root	/usr/libexec/telnetd	telnetd

Save and exit your editor. Then restart inetd as follows:

kill -HUP `cat /var/run/inetd.pid`



> Pls advice as to is this a good/right way of doing it.
>
>
>
> Thanks
> Rakesh
>
> rprajapa@sdf.lonestar.org
> SDF Public Access UNIX System - http://sdf.lonestar.org
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>

-- 
  Ryan Thompson <ryan@sasknow.com>
  Network Administrator, Accounts

  SaskNow Technologies - http://www.sasknow.com
  #106-380 3120 8th St E - Saskatoon, SK - S7H 0W2

        Tel: 306-664-3600   Fax: 306-664-1161   Saskatoon
  Toll-Free: 877-727-5669     (877-SASKNOW)     North America


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message