- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Disable telnet/ssh login for certain user
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-04-2005 05:26 AM
тАО03-04-2005 05:26 AM
Hi,
I have an application that runs under a regular unix ID 'prod1'. I want to disable direct login for 'prod1' via ssh or telnet. But I do want some users to be able to su to prod1 and do application maintainence tasks. How can I accomplish that? Also the above scnerio is possible, then where do I define which users are allowd to su to prod1.
If anyone can answer this quickly, I would greatly appreciate it.
Thanks,
Tony
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-04-2005 05:38 AM
тАО03-04-2005 05:38 AM
Re: Disable telnet/ssh login for certain user
This will disable login completely.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-04-2005 05:41 AM
тАО03-04-2005 05:41 AM
Re: Disable telnet/ssh login for certain user
uid=$(id -u)
if [[ ${uid} = "uid_of_user" ]]
then
echo "No direct logins"
else
echo "giving login"
fi
Anil
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-04-2005 06:38 AM
тАО03-04-2005 06:38 AM
Re: Disable telnet/ssh login for certain user
Anil, your suggestion will solve who can and cannot su to that username. Thanks.
However, how do I disable direct login of prod1, yet still allow certain user to su to prod1 and prod1 would still be able to run jobs/scripts. Any solution to this? Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-04-2005 07:02 AM
тАО03-04-2005 07:02 AM
Re: Disable telnet/ssh login for certain user
So configure sudo for all those users with the commands that they need to run as prod1.
"user1" ALL=(prod1) /xxx/prod1_command1 /yyy/prod1_command2
Now you run these programs as follows.
sudo /xxx/prod1_command
In this case /xxx/prod1 command will run under prod1 by user "user1"
man pages of sudo and visudo
Anil
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-04-2005 07:48 AM
тАО03-04-2005 07:48 AM
Re: Disable telnet/ssh login for certain user
I have tried putting your code in the /etc/profile, but the user prod1 is still being allowed to login directly.
uid=$(id -u)
if [[ ${uid} = "109" ]]
then
echo "This id is not allowed to login directly"
else
echo "giving login"
#set enviroment.
.................
................. etc. etc.
fi
What am I doing wrong? Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-04-2005 07:58 AM
тАО03-04-2005 07:58 AM
Re: Disable telnet/ssh login for certain user
uid=$(id -u)
if [[ ${uid} -eq "109" ]]
then
echo "This id is not allowed to login
directly"
exit 1
else
echo "giving login"
fi
Did you check second post??
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-05-2005 02:45 AM
тАО03-05-2005 02:45 AM
Re: Disable telnet/ssh login for certain user
Do you have sudo installed on your Server.
With sudo you can define who's able to su to prod1.
Good Luck
Darrel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-06-2005 07:23 PM
тАО03-06-2005 07:23 PM
Re: Disable telnet/ssh login for certain user
We have don something different.
We make a file /etc/not_loginable and in this file we put the application users.
Then in the /etc/profile we put the following code.
# custom code for denying generic account login
if logname > /dev/null 2>&1
then
LGNM=`logname`
if egrep "^${LGNM}$" /etc/not_loginable > /dev/null 2>&1
then
echo "\nDirect login not allowed for $LGNM\n"
sleep 2 # For display on ssh-login #
echo "\nNO remote login allowed for $LGNM (`date '+%D %T'`)\n" |
logger -p user.err -t NOT_LOGINABLE
exit 1
fi
fi
When you login under your own account you are able to su to the user.
grtz. Mark
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-06-2005 08:06 PM
тАО03-06-2005 08:06 PM
Re: Disable telnet/ssh login for certain user
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=825287