UNIX for Dummies Questions & Answers

Hey guys,

I've seen this posted a few times when i searched but I kinda want to know the cleanest way of doing it.

On Solaris 8 and Solaris 9
What is the best way to disable telnet ssh1 and remote root login premanently?

I've seen posts that say edit /etc/services edit this edit that whats the cleanest or most effective way of doing it? Are their config files that should be edited or will /etc/services suffice?

Any tips would be appreciated...

Well telnet and rsh (assuming that's what you mean by remote login) are in /etc/inetd.conf. Just find them, comment them out and kill -HUP the inetd service.

Making sure you're not running ssh1 is located in your /etc/sshd/sshd_config file. Change the "Protocol 2,1" entry and remove the '1'. The location of sshd_config might be in different places such as /usr/local/etc as well. Make sure you kill -HUP the sshd service as well (NOTE! on some boxes kill -HUP will reboot the server; notably an older Solaris x86 install is where I had the problem).

Carl

Is it safe to comment out most of the stuff in inetd.conf???

I don't even know what half this stuff is doing....



Well... I commented it all out and the server still works so I'll have to see if some stuff breaks since i've done it....=)

Thank you for the help!

You should be able to "man" just about anything. There are a few things you should leave running. For example, on a Sun box the Disk Manager stuff is in inetd. But most stuff can be removed for sure.

The quickest way for me is:

Code:

$ grep -v "^#" /etc/inetd.conf

That'll return a list of the active programs. Then just man each of them to see if they need to be cleared. Of course, if you're running a FTP server, commenting that out would be bad

Carl