topic Restricted Telnet in Operating System - HP-UX

Restricted Telnet

Anshumali — Thu, 02 Aug 2007 05:31:16 GMT

Okay....i am stuck again.... :)

What i need is:
Create a user with shell accesss and should be able to do cd within his home directory only. Other words chrooting the home directory.
I have followed sugegstions in threads but somehow no luck.
Password file looks like:
anstest:*:105:20:Anshu Test Shell,,,:/home/anstest/./:/bin/sh

And the /etc/profile contains:

if [ "$LOGNAME" = anstest ]
then
chroot /home/anstest
fi

what is missing here? Anything else to configure.

OS 11.11

Re: Restricted Telnet

Steven Schweda — Thu, 02 Aug 2007 07:06:33 GMT

> what is missing here?

An explanation of what, exactly, "no luck"
means. What happens? What doesn't work?

Re: Restricted Telnet

Ralf Seefeldt — Thu, 02 Aug 2007 07:08:53 GMT

Hello Anshumali,

if you use an * in /etc/passwd, unles you don't use a secure system, you disable login for that user.

man passwd

What exactly are your problems? Can you log in? Do you have to many or to little permissions?

Bye
Ralf

Re: Restricted Telnet

Ivan Ferreira — Thu, 02 Aug 2007 07:27:10 GMT

I'm not sure if you can do this with telnet, with SSH is possible and you should by now, use SSH.

The chroot command requieres:

1- An chroot environment created
2- A command to execute

Re: Restricted Telnet

spex — Thu, 02 Aug 2007 07:30:47 GMT

Perhaps rsh (Restricted Shell) would be a better fit for your needs. See "rsh Restrictions" in the sh-posix(1) man for more information.

Re: Restricted Telnet

Anshumali — Thu, 02 Aug 2007 07:57:11 GMT

Yes Its a trusted System, that why password field is *
What doesnt work?:
Logging the same anstest user, user can navigate to all the file system. it doesnt show as homedir as chrooted directory.

rsh:
Yes...i gave it a try but it doesnt provide access to cd command. Is there anyway to provide access to cd command in rsh? User should be able to traverse down from his home directory, but not upwards...thats the reason i went for chroot method.

Re: Restricted Telnet

Anshumali — Thu, 02 Aug 2007 07:59:42 GMT

Ivan,

Any pointers/threads how to get this done with SSH. I would surely give it a try. Ofcourse, auditors will be happy as well. ;)

Thanks,
Anshu

Re: Restricted Telnet

HGN — Thu, 02 Aug 2007 08:01:00 GMT

Hi

Ours is also a trusted system but we have implemented with ssh (chroot'd env) amd know for sure it works.

Rgds

HGN

Re: Restricted Telnet

Anshumali — Thu, 02 Aug 2007 08:06:42 GMT

HGN,

Is there any doc to configure chrooted env with SSH or the above settings are similar with ur env and works well when SSH is installed. Any specific config in SSH?

Re: Restricted Telnet

Anshumali — Thu, 02 Aug 2007 08:16:56 GMT

i got
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1122269
will try it out....still appreciate if anyone can shed light on the original question :)

Re: Restricted Telnet

rariasn — Thu, 09 Aug 2007 06:14:11 GMT

Hi Anshumali,

/opt/ssh/README_chroot.html

rgs,

Re: Restricted Telnet

Anshumali — Mon, 13 Aug 2007 00:36:39 GMT

Syntax issue
/opt/ssh/README_chroot.html helped and the responses above