Prevent Telnet access

If you do not plan to use the Telnet server, follow the steps in this topic to disable it. This procedure ensures that it will not be used without your knowledge.

If you do not want anyone to use Telnet to access your iSeries™ server, you should prevent the Telnet server from running. To prevent Telnet access to your iSeries, complete these tasks.

Prevent Telnet from starting automatically

To prevent Telnet server jobs from starting automatically when you start TCP/IP, follow these steps:

  1. In iSeries Navigator, expand your iSeries Server > Network > Servers > TCP/IP.
  2. Right-click Telnet and select Properties.
  3. Clear Start when TCP/IP starts.

Prevent access to Telnet ports

To prevent Telnet from starting and to prevent someone from associating a user application, such as a socket application, with the port that the iSeries normally uses for Telnet, follow these steps:

  1. In iSeries Navigator, click your iSeries Server > Network > Servers > TCP/IP.
  2. Right-click TCP/IP Configuration and select Properties.
  3. In the TCP/IP Configuration Properties window, click the Port Restrictions tab.
  4. On the Port Restrictions page, click Add.
  5. On the Add Port Restriction page, specify the following values:
    • User name: Specify a user profile name that is protected on your iSeries. (A protected user profile is a user profile that does not own programs that adopt authority and does not have a password that is known by other users.) By restricting the port to a specific user, you automatically exclude all other users.
    • Starting port: 23 (for non-SSL TELNET) or 992 (for SSL TELNET)
    • Ending port: 23 (for non-SSL TELNET) or 992 (for SSL TELNET)
    • Protocol: TCP
    Note: These port numbers are specified in the Work with Service Table Entries (WRKSRVTBLE) table under .Telnet-ssl. They might be mapped to ports other than 23 and 992. Repeat this process for each port that you want to restrict. The Internet Assigned Numbers Authority (IANA) provides information about common port number assignments.
  6. Click OK to add the restriction.
  7. On the Port Restrictions page, click Add and repeat the procedure for the User Datagram Protocol (UDP) protocol.
  8. Click OK to save your port restrictions and to close the TCP/IP Configuration Properties window.
  9. The port restriction takes effect the next time that you start TCP/IP. If TCP/IP is active when you set the port restrictions, you should end TCP/IP and start it again.
Parent topic: Telnet security
Related information
Internet Assigned Numbers Authority (IANA)