topic Re: disable telnet for a user in Operating System - HP-UX

disable telnet for a user

sheevm — Tue, 14 Dec 2004 15:43:55 GMT

Hi!

I want to disable telnet access to a perticular user but this user should be able to login via SSH. How do I achieve this?

Thanks in advance for your help!!
Raji

Re: disable telnet for a user

RAC_1 — Tue, 14 Dec 2004 15:57:14 GMT

If this suer comes from a fixed ip_Adress/network, you can disbale telnet in /var/adm/inetd.sec file.
Else, you will have to install tcp wrappers and make use of /etc/hosts.allow and /etc/hosts.deny files.
If you have HP ssh installed, it has tcp wrappers in built. (You can prepare file /etc/hosts.deny with entry ALL:ALL to test it)
, prepare /etc/hosts deny file and deny user access to telnet.

Anil

Re: disable telnet for a user

sheevm — Tue, 14 Dec 2004 16:10:26 GMT

Anil,

Can you please give me syntax to create the /etc/hosts.deny file? If I put

deny:ALL as per you does it deny everyone telnet access? I just want to deny telnet access to a perticular group/user.

Thanks

Re: disable telnet for a user

Steven E. Protter — Tue, 14 Dec 2004 16:27:03 GMT

/var/adm/inetd.sec

Allows you to block certain users by ip address.

Otherwise you can code the /etc/profile or the .profile to check the login type and reject.

SEP

Re: disable telnet for a user

Rodney Hills — Tue, 14 Dec 2004 16:29:20 GMT

How about you reset the password for that user on the host that you don't want the user to connect.

If you have SSH configured right, then the password is no longer needed and if the user does not know the password of the host they are connecting to, they can't use telnet.

HTH

-- Rod Hills

Re: disable telnet for a user

Sridhar Bhaskarla — Wed, 15 Dec 2004 02:02:26 GMT

Hi Raji,

One way of doing it is to put some code in /etc/profile to see if the parent of the shell is 'telnetd' daemon and quit if it is. You obviously have to put some checks in there as you may not get the information first hand.

Otherwise, implement telnet through tcp_wrappers and adjust hosts.deny file. You can download tcp_wrappers from HP's porting site.

-Sri

Re: disable telnet for a user

Nguyen Anh Tien — Wed, 15 Dec 2004 03:35:22 GMT

SSH and Telnet run on different port(telnet 23; ssh: 22 as default) so you can grant access list for each individually.
/var/adm/inetd.sec is able to block access for telnet and rlogin base on IP ( unable to block connection base on userID
2, You should try to user tcp_wrappers for performing you idea.
tienna.

Re: disable telnet for a user

Suraj_2 — Wed, 15 Dec 2004 05:44:27 GMT

HI Raji

Disabling telent for a perticular user can be done as follows.
1) put "exit 0" code in .profile of the user.
2)Change the shell of the user to something like
/usr/bin/false
(This will disable ftp access also. To enable only ftp not telnet , add the shell i.e./usr/bin/false to the /etc/shells file)

There may be other ways..

SSH no idea..

Hope this is helpful

Rgds
Suraj

Re: disable telnet for a user

Jordan Bean — Wed, 15 Dec 2004 19:32:30 GMT

Assuming OpenSSH server, simply check for an sshd environment variable in the system's or user's profile.

if [ "$LOGNAME" == "joeuser" -a -z "$SSH_TTY" ]; then logout; fi