[lug] tftp service

Nate Duehr nate at natetech.com
Wed Jul 11 01:59:30 MDT 2001


Yeah, but with their recent announcement that they finally remembered
they're running SSH v1 with the already-found security holes on Unix
platforms like it was some revelation to the world... their scp/ssh
implementation may be just as insecure as TFTP.  :-)

Nate

bdoctor at ps-ax.com wrote:
> 
> If you could include some output from /var/log/messages, that would help.
> Also, you may wish to "tail -f /var/log/messages" as you are working with this.
> 
> TFTP is very dangerous to use, and I think most of the Cisco IOS versions can
> do scp nowadays, if memory serves.  That may be a solution as well.
> 
> Also, make sure the in.tftpd binary is actually on your system.
> 
> Without the '-c' flag, the file must already be present, otherwise you won't
> be able to create it.  Add this via:
> 
> server_args = -c
> 
> within the tftp config file.  Also add:
> 
> only_from = your.ip.address/32
> 
> To secure things a bit.  I'm quite paranoid, even if it is on an internal network
> that is not reachable..
> 
> -brad
> 
> > I am looking for some help on getting tftp service working on my RedHat 7.0
> > system.
> > I want to use the tftp service to download/upload router configs.  I have /tftpboot
> > set to 777 as well as a file called router1, which is where I want to place the
> > router file.
> >
> > Whenever I try to issue the command "write net" from the router, I receive:
> >
> > Error code 2: Access violation
> >
> > I have the default setting for /etc/xinetd.conf:
> >
> > defaults
> > {
> >         instances               = 60
> >         log_type                = SYSLOG authpriv
> >         log_on_success          = HOST PID
> >         log_on_failure          = HOST RECORD
> > }
> >
> > includedir /etc/xinetd.d
> >
> > In /etc/xinetd.d/tftp I have the following configuration:
> >
> > # default: off
> > # description: The tftp server serves files using the trivial file transfer \
> > #       protocol.  The tftp protocol is often used to boot diskless \
> > #       workstations, download configuration files to network-aware printers, \
> > #       and to start the installation process for some operating systems.
> > service tftp
> > {
> >         socket_type             = dgram
> >         wait                    = yes
> >         user                    = nobody
> >         log_on_success          += USERID
> >         log_on_failure          += USERID
> >         server                  = /usr/sbin/in.tftpd
> >         server_args             = /tftpboot
> >         disabled                = no
> > }
> >
> > After changing "disabled" to no, I restarted xinetd.
> >
> > I cannot see any daemon for in.tftpd nor any other process with tftp in it.
> > The xinetd daemon is running.
> >
> > Thanks in advance for ANY help you can provide.
> >
> > Kris Young
> > Stanfield Systems, Inc.
> > krispy at stanfieldsystems.com
> >
> > _______________________________________________
> > Web Page:  http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> >
> 
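
An added example, not part of the original thread: a small Python audit of an xinetd tftp service block for the two settings discussed above (`-c` in `server_args` and `only_from`). The function names, finding codes and sample block are constructed for illustration; the `disabled` check relies on xinetd.conf(5) naming the attribute `disable`, and the root default assumes xinetd itself runs as root.

```python
import re

# Constructed sample: the service block from the thread with "-c" added.
SAMPLE = """\
service tftp
{
        socket_type             = dgram
        wait                    = yes
        user                    = nobody
        server                  = /usr/sbin/in.tftpd
        server_args             = -c /tftpboot
        disabled                = no
}
"""

def parse_service(text):
    """Return {attribute: [values]} for the first xinetd service block."""
    attrs = {}
    body = re.search(r"\{(.*?)\}", text, re.S)
    for line in (body.group(1) if body else "").splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"(\w+)\s*(\+=|-=|=)\s*(.*)", line)
        if m:
            attrs.setdefault(m.group(1), []).extend(m.group(3).split())
    return attrs

def audit_tftp(text):
    """Return a sorted list of finding codes (hypothetical names)."""
    a = parse_service(text)
    findings = []
    if "only_from" not in a:
        findings.append("NO_ONLY_FROM")           # no source-address restriction
    elif any(v in ("0.0.0.0", "0.0.0.0/0") for v in a["only_from"]):
        findings.append("ONLY_FROM_ANY")          # restriction matches every host
    if "-c" in a.get("server_args", []):
        findings.append("CREATE_ENABLED")         # clients may create new files
    if a.get("user", ["root"])[0] == "root":
        findings.append("RUNS_AS_ROOT")           # assumed default when unset
    if "disabled" in a:
        findings.append("UNKNOWN_ATTR_DISABLED")  # xinetd's attribute is "disable"
    return sorted(findings)

if __name__ == "__main__":
    for code in audit_tftp(SAMPLE):
        print(code)
```

`CREATE_ENABLED` is informational: with `-c` set, `only_from` is the only control in this block limiting who can write new files.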
