Release notes
Enable Telnet or RSH access to the cluster
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Collection of separate PDF docs
Creating your file...
As a security best practice, Telnet and RSH are disabled by default. To enable the cluster to accept Telnet or RSH requests, you must enable the service in the default management service policy.
Telnet and RSH are not secure protocols; you should consider using SSH to access the cluster. SSH provides a secure remote shell and interactive network session. For more information, refer to Access the cluster using SSH.
-
ONTAP supports a maximum of 50 concurrent Telnet or RSH sessions per node.
If the cluster management LIF resides on the node, it shares this limit with the node management LIF.
If the rate of incoming connections is higher than 10 per second, the service is temporarily disabled for 60 seconds.
-
RSH commands require advanced privileges.
-
Confirm that the RSH or Telnet security protocol is enabled:
security protocol show-
If the RSH or Telnet security protocol is enabled, continue to the next step.
-
If the RSH or Telnet security protocol is not enabled, use the following command to enable it:
security protocol modify -application <rsh/telnet> -enabled true
-
-
Confirm that the
management-rsh-serverormanagement-telnet-serverservice exists on the management LIFs:network interface show -services management-rsh-serveror
network interface show -services management-telnet-server-
If the
management-rsh-serverormanagement-telnet-serverservice exists, continue to the next step. -
If the
management-rsh-serverormanagement-telnet-serverservice does not exist, use the following command to add it:network interface service-policy add-service -vserver cluster1 -policy default-management -service management-rsh-servernetwork interface service-policy add-service -vserver cluster1 -policy default-management -service management-telnet-server
-
ONTAP prevents you from changing predefined firewall policies, but you can create a new policy by cloning the predefined mgmt management firewall policy, and then enabling Telnet or RSH under the new policy.
-
Enter the advanced privilege mode:
set advanced -
Enable a security protocol (RSH or Telnet):
security protocol modify -application security_protocol -enabled true -
Create a new management firewall policy based on the
mgmtmanagement firewall policy:system services firewall policy clone -policy mgmt -destination-policy policy-name -
Enable Telnet or RSH in the new management firewall policy:
system services firewall policy create -policy policy-name -service security_protocol -action allow -ip-list ip_address/netmaskTo allow all IP addresses, you should specify
-ip-list 0.0.0.0/0 -
Associate the new policy with the cluster management LIF:
network interface modify -vserver cluster_management_LIF -lif cluster_mgmt -firewall-policy policy-name
