topic Re: Telnet access list in Operating System - HP-UX

Telnet access list

Khashru — Wed, 22 Oct 2008 22:22:32 GMT

I want to disable telnet for all user except two users. I am using hp-ux 11.11. Can anyone please help. All other user will be using ssh.

Re: Telnet access list

Johnson Punniyalingam — Thu, 23 Oct 2008 00:37:32 GMT

Hi Khashru,

step 1:- enable telnet service in your server

inetd.conf --> Edit the file reomve # for telnet services
Example :-
telnet stream tcp nowait root /usr/lbin/telnetd telnetd -b /etc/issue

>>I want to disable telnet for all user except two users>>

step2:- Edit /var/adm/inetd.sec --> security file
you can allow telnet specfic ip addres

step 3:-

inetd -c refresh your settings or to take effect

Example :-
telnet allow 10.99.2.* 10.99.12.* 10.99.11.* 10.99.0.* 10.99.50.* 10.98.5.44

for more info please man inetd.sec

Thanks,
Best Regards,
Johnson

Re: Telnet access list

Khashru — Thu, 23 Oct 2008 00:44:05 GMT

Thanks for the reply. I can stop telnet from specific host or IP using inetd.sec but my requirenent is that i need to stop by uing user name.

Re: Telnet access list

Johnson Punniyalingam — Thu, 23 Oct 2008 01:08:48 GMT

In a script pick up the process id and its parent id and if parent telnd then exit.

Just an idea.

or

you CAN do this with tcp_wrappers.

First - set up the hosts.deny as follows

telnetd : ALL

Then - set up the hosts.allow as follows

telnetd : menu@ALL

Of course this does nothing about FTP, rlogin, finger, etc. But you can tailor the files to cover those as well or use inetd.sec to limit those in addition. And you could limit the user to a specific host or subnet

telnetd : user@host1
telnetd : user@128.1.1

Thanks
Johnson

Re: Telnet access list

TTr — Thu, 23 Oct 2008 01:22:01 GMT

> I want to disable telnet
What about rlogin and ssh? are they running as services?
> except two users
telnet is an IP based protocol which means it does not check the username when a connection is made. It relies on the login command to do the user authentication. So you have to do your restriction at the login level and not at telnet. You can put a test in /etc/profile (or /etc/login) and check the username and allow only those two users to continue login.
This will cover rlogin and remsh as well. SSH uses its own user authentication so you need to do something similar there.
Or delete all user accounts except those two users.