topic restricted telnet in Operating System - HP-UX

restricted telnet

Rosli Ahmad — Mon, 10 Mar 2003 09:09:37 GMT

This might sound like a silly question, but I would appreciate if anyone could help me with this.

I have few machines to access to via telnet from a local host.I would like to restrict my telnet session to those selected few only. I want to control the access privilege on my local host as oppose to restricting my connection at the remote machines. I wonder if it is possible to do so.

Regards
Rosli Ahmad

Re: restricted telnet

Robert-Jan Goossens — Mon, 10 Mar 2003 09:18:13 GMT

Hi Rosli,

Take a look at next question/answer(s).

Hope it helps,

Robert-Jan.

Re: restricted telnet

Jose Mosquera — Mon, 10 Mar 2003 09:40:34 GMT

Hi,

The "/var/adm/inetd.sec" will be useful to you, in this file you could "allow|deny" totally or partially the "telnet" service as well as other important services, for detailed info pls consult on-line manual:
#man inetd.sec

Rgds.

Re: restricted telnet

Robert-Jan Goossens — Mon, 10 Mar 2003 10:29:31 GMT

sorry missed the link,

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xbdb879bffde7d4118fef0090279cd0f9,00.html

Re: restricted telnet

Rosli Ahmad — Tue, 11 Mar 2003 01:55:24 GMT

Thank you for the quick reply.

I believe inetd.sec would block or permit connection to my local host (a).

However, my issue is to limit my telnet access to those remote servers (b,c,d...)by controlling the access in my local host (a). In other words, what do I need to configure in (a) so that all its users can only access (b) and not the rest (c,d,e...).

The reason behind all these is because there are too many remote hosts accessible out there once a user is granted access to my local host (a).

Hope that will paint a better picture.

Thank you.

Re: restricted telnet

Sorrel G. Jakins — Tue, 11 Mar 2003 20:21:49 GMT

Just write a script called 'telnet' and inspect the parms being passed. The pass the successful requests to /usr/bin/telnet. Make sure your script directory is higher in the PATH than /usr/bin.

HTH, Sorrel

Re: restricted telnet

Randy Tarrier — Tue, 11 Mar 2003 21:59:06 GMT

Hi Rosli,
Following Sorrel's suggestion:
You could use inetd.sec in conjunction with the telnet shell script. Depending on your user groups, you could set up their default profile with an environmental variable TELNET_ALLOW.
Use 0 for no access, 1 for limited, 2 for unlimited. In the telnet.sh script, check this variable - if =1, check the list of 'allowed' hosts in inet.sec (this may not work if you need to allow greater access to your host than just these- then you'd have to create a separte config file for this purpose).

hth,
Randy