With the trend away from running telnetd and FTPD and toward running SSHD many system administrators are removing the “telnet” and “FTP” service lines from the >system>stcp>services file.
Figure 1 – telnet and FTP entries in the >system>stcp>services file
This will cause problems if you still need to run the telnet and/or FTP clients to communicate with other hosts.
Figure 2 – telnet and FTP client errors caused by missig services entries
The reason is that the telnet and FTP clients use the getservbyname function to determine what port number they should connect to. This function reads the services file and if the service names “telnet” and/or “ftp” are not in that file the function does not return a port number and the clients terminate.
The telnet client allows you to bypass this function call by providing a port number on the command line.
Figure 3 – providing telnet client a port number
The FTP client does not have this option.
The services file is just a flat file database mapping service names to port numbers and protocols. Removing the “telnet” and “ftp” lines does not effectively increase the security level of the module since having these lines in the file does not mean that these services will automatically be run. Unless you are sure that none of your users will ever need to use the telnet and FTP clients you should leave the entries in the services file.