How to block FTP, SMTP, Telnet services?


 
# 8  
Old 09-08-2010
Did you check out what I wrote for ftp and sendmail? Did it work?

I have never used Kerberos authentication so far - I think there is more to do than just activating a "kerberized" telnetd. Afaik you need a Kerberos server to get a ticket etc.
But you might want to read up on Kerberos authentication separately or open up an extra thread so topics do not get mixed up.
# 9  
Old 09-08-2010
Quote:
Yes, it seems telnet is not active and the config for xinetd is not installed.
To make sure you can show the contents of /etc/xinetd.d. If there is a file called telnet and one called ftp, you can check inside them - there should be a parameter called "disable" which might be already set to "= yes".
I guess for the telnet part I'm pretty OK. Now I can enable or disable the telnet service on my own.
Let us concentrate on FTP now. SMTP will be handled later as I'm finding it very difficult to handle everything. BTW thanks for your support, you are indeed very helpful.

Quote:
For ftp I already mentioned to do the same as with telnet - you might have overlooked it:
Code:
# ls /etc/xinetd.d
chargen-dgram   discard-dgram   eklogin       krb5-telnet      tcpmux-server
chargen-stream  discard-stream  ekrb5-telnet  krb5-telnet.old  tftp
daytime-dgram   echo-dgram      gssftp        kshell           time-dgram
daytime-stream  echo-stream     klogin        rsync            time-stream

There are two files called gssftp and tftp. Which one should I modify?
Code:
# ftp localhost
ftp: connect: Connection refused
ftp> bye

FTP is already blocked, but I would like to know how to enable it.
# 10  
Old 09-08-2010
Code:
$> cat /etc/xinetd.d/tftp
# default: off
# description: tftp service is provided primarily for booting or when a \
#       router need an upgrade. Most sites run this only on machines acting as
#       "boot servers".

So you might forget about that one.

For gssftp you might want to edit this file and check if there is something like
Code:
..
disable = yes
..

in there. Change it to no and restart your xinetd; try:
Code:
/etc/init.d/xinetd restart
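
An added example, not part of the original thread: a small shell audit that reads every file in /etc/xinetd.d and reports whether each service is enabled, so that a change to the `disable` parameter can be verified before and after restarting xinetd. The function names and the sample files are constructed for illustration, and the script assumes that a service block with no `disable` line is enabled.

```shell
#!/bin/sh
# Added example: report each xinetd service as enabled or disabled.
# Assumption: a service block without a "disable" line counts as enabled
# (xinetd's default for that attribute is "no").

xinetd_audit() {            # usage: xinetd_audit [DIR]
    dir="${1:-/etc/xinetd.d}"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
            /^[ \t]*#/ { next }                          # comment line
            $1 == "service" { name = $2; state = "enabled"; next }
            name != "" && /^[ \t]*disable[ \t]*=/ {      # disable = yes|no
                v = $0; gsub(/[ \t]/, "", v); sub(/^disable=/, "", v)
                state = (tolower(v) == "yes") ? "disabled" : "enabled"
                next
            }
            name != "" && $1 == "}" { print state, name, file; name = "" }
        ' "$f"
    done
}

# Names of services xinetd would actually start, one per line.
xinetd_enabled() {
    xinetd_audit "$1" | awk '$1 == "enabled" { print $2 }' | sort
}

# Constructed sample files (not taken from the thread) for an offline run.
make_sample() {
    printf 'service ftp\n{\n\tdisable = no\n}\n' > "$1/gssftp"
    printf '# default: off\nservice telnet\n{\n\tdisable=yes\n}\n' > "$1/krb5-telnet"
    printf 'service tftp\n{\n\tdisable\t= YES\n}\n' > "$1/tftp"
    printf 'service rsync\n{\n\tsocket_type = stream\n}\n' > "$1/rsync"
}

sample_dir=$(mktemp -d)
make_sample "$sample_dir"
xinetd_audit "$sample_dir"      # one line per service: state name file
rm -rf "$sample_dir"
```

Calling `xinetd_audit` with no argument reads the real /etc/xinetd.d; anything listed as enabled that is not needed is a candidate for `disable = yes`.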

# 11  
Old 09-09-2010
Quote:
Originally Posted by zaxxon
Code:
$> cat /etc/xinetd.d/tftp
# default: off
# description: tftp service is provided primarily for booting or when a \
#       router need an upgrade. Most sites run this only on machines acting as
#       "boot servers".

So you might forget about that one.

For gssftp you might want to edit this file and check if there is something like
Code:
..
disable = yes
..

in there. Change it to no and restart your xinetd; try:
Code:
/etc/init.d/xinetd restart

I have enabled the ftp service as described. But now whenever I try to get ftp I get the following error.

Code:
# ftp 10.180.18.222
Connected to 10.180.18.222.
220 TomcatServer FTP server (Version 5.60) ready.
334 Using authentication type GSSAPI; ADAT must follow
GSSAPI accepted as authentication type
GSSAPI error major: Unspecified GSS failure. Minor code may provide more information
GSSAPI error minor: No credentials cache found
GSSAPI error: initializing context
GSSAPI authentication failed
334 Using authentication type KERBEROS_V4; ADAT must follow
KERBEROS_V4 accepted as authentication type
Kerberos V4 krb_mk_req failed: You have no tickets cached
Name (10.180.18.222:root):

What should I do to get an ftp session?
# 12  
Old 09-09-2010
I just googled what this gssftp is:
Quote:
gssftp service:
A kerberized xinetd-based FTP daemon which does not pass authentication information over the network.
So you might just want to install a plain, normal ftp daemon like wu-ftpd or vsftpd or proftpd, ...
# 13  
Old 09-09-2010
Confused. I used to think that gssftp is a service that provides an ftp session. And now you are suggesting that I install another ftp daemon like wu-ftpd or vsftpd ....
What is the difference between gssftp and other ftp daemons? Can you please explain it in not so technical terms?

I would be glad if someone could help me understand the concept or point me to a link where I can learn about this.
# 14  
Old 09-09-2010
Ok, I'll try again:
Your currently installed ftpd and telnetd are "kerberized". They only work correctly when configured against a Kerberos server. Kerberos is an authentication method where you get a token from the Kerberos server with your 1st login and need no further successful login - this is called "single sign-on".
They are not working for your ftp and telnet daemon tests. So the easiest way around might be to just install normal, plain, "un-kerberized" versions of ftpd and telnetd. I suggested some.


But keep in mind:
Generally, if you are professionally administering servers or just care about keeping data and passwords etc. secure, and are thus dealing with sensitive data, you usually want to use something secure, something where the communication is encrypted.
For this purpose ssh is ideal - you can replace telnet with it. With the ssh package you also get scp, which can replace rcp. sftp can replace ftp. No one can easily sniff the transferred data or get the password, which will be in clear text when using non-encrypted protocols like telnet, ftp, ...