Enable Telnet or RSH access to the cluster

Contributors netapp-barbe netapp-ahibbard netapp-aherbin

As a security best practice, Telnet and RSH are disabled by default. To enable the cluster to accept Telnet or RSH requests, you must enable the service in the default management service policy.

Telnet and RSH are not secure protocols; you should consider using SSH to access the cluster. SSH provides a secure remote shell and interactive network session. For more information, refer to Access the cluster using SSH.

About this task
  • ONTAP supports a maximum of 50 concurrent Telnet or RSH sessions per node.

    If the cluster management LIF resides on the node, it shares this limit with the node management LIF.

    If the rate of incoming connections is higher than 10 per second, the service is temporarily disabled for 60 seconds.

  • RSH commands require advanced privileges.

ONTAP 9.10.1 or later
Steps
  1. Confirm that the RSH or Telnet security protocol is enabled:

    security protocol show

    1. If the RSH or Telnet security protocol is enabled, continue to the next step.

    2. If the RSH or Telnet security protocol is not enabled, use the following command to enable it:

      security protocol modify -application <rsh/telnet> -enabled true

  2. Confirm that the management-rsh-server or management-telnet-server service exists on the management LIFs:

    network interface show -services management-rsh-server

    or

    network interface show -services management-telnet-server

    1. If the management-rsh-server or management-telnet-server service exists, continue to the next step.

    2. If the management-rsh-server or management-telnet-server service does not exist, use the following command to add it:

      network interface service-policy add-service -vserver cluster1 -policy default-management -service management-rsh-server

      or

      network interface service-policy add-service -vserver cluster1 -policy default-management -service management-telnet-server

ONTAP 9.9 or earlier
About this task

ONTAP prevents you from changing predefined firewall policies, but you can create a new policy by cloning the predefined mgmt management firewall policy, and then enabling Telnet or RSH under the new policy.

Steps
  1. Enter the advanced privilege mode:

    set advanced

  2. Enable a security protocol (RSH or Telnet):

    security protocol modify -application security_protocol -enabled true

  3. Create a new management firewall policy based on the mgmt management firewall policy:

    system services firewall policy clone -policy mgmt -destination-policy policy-name

  4. Enable Telnet or RSH in the new management firewall policy:

    system services firewall policy create -policy policy-name -service security_protocol -action allow -ip-list ip_address/netmask

    To allow all IP addresses, specify -ip-list 0.0.0.0/0.

  5. Associate the new policy with the cluster management LIF:

    network interface modify -vserver cluster_management_LIF -lif cluster_mgmt -firewall-policy policy-name
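
The ONTAP 9.9 or earlier steps above, filled in by a small Python helper that validates the -ip-list source ranges before emitting the commands. This is an added example, not NetApp code; the function name, the sample values (policy mgmt-telnet, vserver cluster1, the 192.0.2.0 ranges) and the comma-separated form of -ip-list are assumptions.

```python
import ipaddress

PROTOCOLS = ("rsh", "telnet")  # the two services this page covers


def legacy_enable_commands(protocol, policy, networks, vserver,
                           lif="cluster_mgmt", allow_any=False):
    """Return the five commands of the 9.9-or-earlier steps (hypothetical helper)."""
    if protocol not in PROTOCOLS:
        raise ValueError(f"protocol must be one of {PROTOCOLS}")
    if policy == "mgmt":
        # Predefined policies cannot be changed; the clone needs its own name.
        raise ValueError("choose a new policy name, not the predefined 'mgmt'")
    if not networks:
        raise ValueError("at least one source network is required")

    parsed = []
    for text in networks:
        # strict=True rejects entries with host bits set, e.g. 192.0.2.10/24
        net = ipaddress.ip_network(text, strict=True)
        if net.prefixlen == 0 and not allow_any:
            raise ValueError(f"{net} allows every address; pass allow_any=True")
        parsed.append(net)

    # Merge overlapping or adjacent ranges, one address family at a time.
    merged = []
    for version in (4, 6):
        family = [n for n in parsed if n.version == version]
        merged.extend(ipaddress.collapse_addresses(family))
    # Assumption: multiple -ip-list entries are written comma-separated.
    ip_list = ",".join(str(n) for n in merged)

    return [
        "set advanced",
        f"security protocol modify -application {protocol} -enabled true",
        f"system services firewall policy clone -policy mgmt "
        f"-destination-policy {policy}",
        f"system services firewall policy create -policy {policy} "
        f"-service {protocol} -action allow -ip-list {ip_list}",
        f"network interface modify -vserver {vserver} -lif {lif} "
        f"-firewall-policy {policy}",
    ]


if __name__ == "__main__":
    # Constructed sample values, not taken from a real cluster.
    for line in legacy_enable_commands(
            "telnet", "mgmt-telnet", ["192.0.2.0/25", "192.0.2.128/25"], "cluster1"):
        print(line)
```

The two adjacent /25 ranges in the sample call collapse into a single 192.0.2.0/24 entry, and 0.0.0.0/0 is only emitted when allow_any=True is passed.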