- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Restrict specific user from telnet session wit...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-20-2007 09:27 PM
тАО09-20-2007 09:27 PM
I appreciate if someone has encountered to restrict particular user from telnet with c shell. This user must only be used by "su" from the normal users (switch only). I tried to create a script under .cshrc and even from .login but still bypassing it and user can still login directly. The requirements must only restrict this user to login directly by telnet and normal users must do su to this restricted user(telnet). My client is using telnet and they haven't ssh implemented, kinda weird =) as already suggested but still stick to telnet =). Thank you for the sharing of your comments!
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-21-2007 01:40 AM
тАО09-21-2007 01:40 AM
Re: Restrict specific user from telnet session with c shell
Make the default-shell for the user /usr/bin/false
be sure this is in the /etc/shells file.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-21-2007 01:48 AM
тАО09-21-2007 01:48 AM
Re: Restrict specific user from telnet session with c shell
Another option mentioned many times in these forums is shutdown telnet and use ssh. the ssh daemon can controll direct logins.
If really adventurous you could play with writing a wrapper around the telnet daemon. i.e. check black list then fire off telnet
Another option is to put the black list check in /etc/profile. At least the users could not circumvent this profile in liue of their own.
pssst....Don't lock yourself off the system while testing..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-21-2007 01:49 AM
тАО09-21-2007 01:49 AM
Re: Restrict specific user from telnet session with c shell
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-21-2007 01:50 AM
тАО09-21-2007 01:50 AM
Re: Restrict specific user from telnet session with c shell
See KB doc "HP-UX telnet - How to Restrict Telnet Access by User" - http://www4.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c00843266-1
There are many examples to restict users.
regards,
ivan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-21-2007 01:50 AM
тАО09-21-2007 01:50 AM
Re: Restrict specific user from telnet session with c shell
See KB doc "HP-UX telnet - How to Restrict Telnet Access by User" - http://www4.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c00843266-1
There are many examples how to restrict users.
regards,
ivan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-21-2007 02:18 AM
тАО09-21-2007 02:18 AM
Solutionbut if the user is su'ing, when you do a who -um it will display the user you login as. therefore if you logged as a different user and su'ed then whoami and who -um will be different. if whoami and who -um are the same you probably telneted in.
could put this in the /etc/login ? (whatever is used by csh) to test the values and don't allow access if they are the same.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-23-2007 05:23 PM
тАО09-23-2007 05:23 PM
Re: Restrict specific user from telnet session with c shell
Sorry for my delay reply, however:
Aussan, modify shell with /usr/bin/false will disable the user totally even if you will do "su/su -"
Tim, tcp wrapper based from my experience with this service tool, as far as i know it will restrict only the specific users from a certain services/daemons but this can work only to restrict certain hosts,ips/subnets from host.deny/allows files. Take note this user is using csh shell and i dont think it's using /etc/profile (applicable ony with posix/bourne shells) but it's /etc/csh.login, the requirement from this dba user is to restrict direct telnet, I made some script from this user's profile (.cshr/.login) but still bypasing my script.
Is it possible from tct wrapper to restrict certain user to access from daemon/services?
Iva, sorry no access from HP Europe ITRC site but only ASIPAC =) but let me try to register there later. Would appreciate if you can attach from here.
Thanks again for your support but our clients since from the start they already using this logins sevice and most of them implemented in the production systems and already suggested to use ssh instead =(
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-24-2007 02:26 AM
тАО09-24-2007 02:26 AM
Re: Restrict specific user from telnet session with c shell
http://www1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c00843266-1
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-24-2007 02:39 PM
тАО09-24-2007 02:39 PM
Re: Restrict specific user from telnet session with c shell
Workaround: /var/adm/inetd.sec
Thanks