Solaris 10 : Enable / Disable telnet Service

For security purposes, administrators may wish to disable telnet (incoming connections) on a Solaris 10 system.

To disable telnet on a Solaris 10 system:

# svcadm disable telnet

To re-enable telnet on a Solaris 10 system:

# svcadm -v enable -r telnet

Steps to Follow

An example of functioning telnet, disabling of telnet, and then re-enabling telnet on a Solaris 10 system. If the system in question does not have console or terminal server access, another remote connection (ie. rsh/rlogin/ssh) may be required to make the change. Using telnet to connect while attempting to disable telnet will disconnect the window.

1. rsh into S10 system and check current telnet service status:

# svcs -a | grep telnet
online Dec_01 svc:/network/telnet:default
## svcs -l svc:/network/telnet:default
fmri svc:/network/telnet:default
name Telnet server
enabled true
state online
next_state none
state_time Thu 01 Dec 2005 08:39:08 AM EST
restarter svc:/network/inetd:default
contract_id 110
## svcs -xv svc:/network/telnet:default
svc:/network/telnet:default (Telnet server)
State: online since Thu 01 Dec 2005 08:39:08 AM EST
See: man -M /usr/share/man -s 1M in.telnetd
See: man -M /usr/share/man -s 1M telnetd
Impact: None.

2. Here we disable telnet with ‘svcadm disable’ command, and then recheck telnet service status:

# svcadm disable telnet
# svcs -a | grep telnet
disabled 21:27:34 svc:/network/telnet:default
## svcs -l svc:/network/telnet:default
fmri svc:/network/telnet:default
name Telnet server
enabled false
state disabled
next_state none
state_time Sat 10 Dec 2005 09:27:34 PM EST
restarter svc:/network/inetd:default
contract_id
# svcs -xv svc:/network/telnet:default
svc:/network/telnet:default (Telnet server)
State: disabled since Sat 10 Dec 2005 09:27:34 PM EST
Reason: Disabled by an administrator.
See: http://sun.com/msg/SMF-8000-05
See: man -M /usr/share/man -s 1M in.telnetd
See: man -M /usr/share/man -s 1M telnetd
Impact: This service is not running.

NOTE: At this point the telnet is disabled. No reboot required for it to take affect.

3. From a remote system, we try to telnet to this S10 system that we just disabled telnet on:

% telnet netlab46
Trying 129.148.12.46…
telnet: Unable to connect to remote host: Connection refused

4. rsh’d back into S10 system to re-enable telnet……

# svcadm -v enable -r telnet
svc:/network/telnet:default enabled.
svc:/network/inetd:default enabled.
svc:/network/loopback enabled.
svc:/system/filesystem/local enabled.
svc:/milestone/single-user enabled.
svc:/system/identity:node enabled.
svc:/system/filesystem/minimal enabled.
svc:/system/filesystem/usr enabled.
svc:/system/filesystem/root enabled.
svc:/system/device/local enabled.
svc:/milestone/devices enabled.
svc:/system/manifest-import enabled.
svc:/milestone/sysconfig enabled.
svc:/milestone/name-services enabled.

5. From same remote system, we try to telnet to this S10 system that we just re-enabled telnet on:

% telnet netlab46
Trying 129.148.12.46…
Connected to netlab46.
Escape character is ‘^]’.login: root
Password:
Last login: Sat Dec 10 21:26:42 from 129.148.192.154
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
#

Ramdev

Ramdev

I have started unixadminschool.com ( aka gurkulindia.com) in 2009 as my own personal reference blog, and later sometime i have realized that my leanings might be helpful for other unixadmins if I manage my knowledge-base in more user friendly format. And the result is today's' unixadminschool.com. You can connect me at - https://www.linkedin.com/in/unixadminschool/

8 Responses

  1. Michael Michael says:

    Hi Ram

    Good one

    provided to this, telnet is controlled by inetadm via smf.the main purpose of the inetadm is to keep the services daemons running only when they are needed so that the resource is utilized efficiently so if you even enable the telnet service using svcadm utility ,If you check ps -ef |grep -i telnet the telnet process will not be running provided until or unless there is an telnet request .

    So one more tricky event is if the smf service of inet itself is disabled then even if you do an svcadm enable svc:/network/telnet and then check for the status it would remain offline .

  2. seema says:

    @ Michel Yes agree but this needs to be checked before for any service (or if creating new service ).

  3. Michael Michael says:

    But this is not gona be the case if you issue svcadm -v enable -r telnet :-)

    • Ramdev Ramdev says:

      @Michael – Lets’ not confuse readers, the beauty of knowledge lives in making the technology simple :)

      Just to all:

      >>> about the intetd — it’s all different story…. and telnet is just one of the the service that was controlled by inetd.
      I tried to explain inetd in one of the linux article. http://wp.me/p1EO9J-109 and the first part is still relevant to solaris also.

      >>about svcadm’s -r option …… -r option starts any SMF services recursivel , that means it will automatically online the dependency services mentioned in the configuration.
      if someone is curious about troubleshooting a network procedure which is not starting, please refer http://wp.me/p1EO9J-C6

  4. Yogesh Raheja says:

    @Ram, I agreed, -r is the option which will start SMF recursively along with its dependencies.

  5. Michael Michael says:

    @Ram i meant to say that my first comment is not valid if you issue svcadm -v enable -r telnet  

  6. kishore vadali says:

    once we disable the telnet using svcadm disable svc:/network/telnet:default,will it comeback after reboot? if yes,how to disable permanently

  1. September 16, 2015

    […] Read – Enable / Disable telnet Service […]

What is in your mind, about this post ? Leave a Reply

Close
  Our next learning article is ready, subscribe it in your email

What is your Learning Goal for Next Six Months ? Talk to us