topic Re: restrict remote login in Operating System - HP-UX

restrict remote login

Huyen Nguyen — Fri, 03 Aug 2001 15:08:57 GMT

This might be a trivial question, but does anyone know how to restrict remote login for a certain account so that users MUST "su" into the account instead of remote login?

Thanks!

Re: restrict remote login

Bill Hassell — Fri, 03 Aug 2001 17:50:02 GMT

There is no way to do this as there is for root. Requiring root to always use su is a common mechanism and is accomplished with either:

echo console > /etc/securetty

or

cat /dev/null > /eetc/securetty

In the first case, root (or any login with UID=0) can login to the console, but in the second case, root can never login (pretty secure, eh?). Instead, users must login as an ordinary user ID, then use su - root to attain root privileges, thus requiring two passwords and two logging steps.

For ordinary users, you would have to write special code in /etc/profile (and /etc/login.csh if necessary) to detect these special user(s) and give an error message when an incorrect login is attempted.

Re: restrict remote login

Wodisch — Sat, 04 Aug 2001 21:33:16 GMT

Hello Huyen,

in addition to Bill's answer, when you have X-Windows
(i.e. CDE) set up and running, your restricting code
has to go into "Xsetup" or "Xstartup" in the directory
"/etc/dt/config/" - when those script have an exit-value
other than 0, then they will deny login.

HTH,
Wodisch

Re: restrict remote login

Frank Li — Mon, 06 Aug 2001 05:53:10 GMT

You means that certain user can only login in from console or su ?

You can revise the /etc/profile to get to this :

-=-=-=-=
trap "" 1 2 3
#put the real user account as username below
USER=username
HOSTNAME=$(hostname)
Login_Host=$(who -R | grep $USER| tail -1 | awk '{print $6}')
AllowLogin=$(grep $HOSTNAME "$Login_Host")
if test "$Allowlogin" -eq ""
then
#Not allowed in
echo You are not allowed to login from $Login_Host as $USER
exit
fi

trap 1 2 3

-=-=-=-=-=

Then now username is only allow to login on cosole or through su .