about telnet

 
wangmx
Respected Contributor

about telnet

How do I deny a special user login to the host from telnet, but allow login from ssh?
Thanks!
8 REPLIES 8
Steven E. Protter
Exalted Contributor

Re: about telnet

You can set up the user ip address in /var/adm/inetd.sec with telnet set to deny and secure shell set to allow.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
wangmx
Respected Contributor

Re: about telnet

Thank you for replying so fast.
But I want to allow the user, not his IP!
Denver Osborn
Honored Contributor
Solution

Re: about telnet

An easy way might be to add something to his .profile that would check for the existence of an SSH env variable that gets set by ssh. If the var doesn't exist, we can assume it's not ssh and exit... SSH_CLIENT should be set w/ each user's ssh login.

hope this helps,
-denver

D Block 2
Respected Contributor

Re: about telnet

The funny thing is, I do not believe there is an "Allow User" for ssh on HP-UX. You must create a list of all user logins for ssh to be Denied. Create the Deny User list in the sshd config file.

Simply, remove the user login that you would like to Allow in this Deny User list.

Golf is a Good Walk Spoiled, Mark Twain.
Vibhor Kumar Agarwal
Esteemed Contributor

Re: about telnet

I did a similar thing some time back.

Just write "exit" in the .profile of the user.
Now whenever he will telnet, he will be logged off.
Vibhor Kumar Agarwal
Muthukumar_5
Honored Contributor

Re: about telnet

You can deny a special user using /etc/profile as,

    if [[ "$LOGNAME" = "splusername" ]]
    then
        ps | grep -q 'telnet'
        if [[ $? -eq 0 ]]
        then
            echo "$LOGNAME is denied with telnet login"
            sleep 2
        fi
    fi

If you want to control based on specific user from specific IP for using telnet then,

    if [[ "$LOGNAME" = "splusername" ]]
    then
        if [[ $(who -mu | awk '{ print $8 }') = "ip-address" ]]
        then
            ps | grep -q 'telnet'
            if [[ $? -eq 0 ]]
            then
                echo "$LOGNAME is denied with telnet login"
                sleep 2
            fi
        fi
    fi


hth.
Easy to suggest when don't know about the problem!
Muthukumar_5
Honored Contributor

Re: about telnet

Try to put exit 1 after sleep 2 in above script. Then only it will deny users.

You can deny a special user using /etc/profile as,

    if [[ "$LOGNAME" = "splusername" ]]
    then
        ps | grep -q 'telnet'
        if [[ $? -eq 0 ]]
        then
            echo "$LOGNAME is denied with telnet login"
            sleep 2
            exit 1
        fi
    fi

If you want to control based on specific user from specific IP for using telnet then,

    if [[ "$LOGNAME" = "splusername" ]]
    then
        if [[ $(who -mu | awk '{ print $8 }') = "ip-address" ]]
        then
            ps | grep -q 'telnet'
            if [[ $? -eq 0 ]]
            then
                echo "$LOGNAME is denied with telnet login"
                sleep 2
                exit 1
            fi
        fi
    fi
Easy to suggest when don't know about the problem!
D Block 2
Respected Contributor

Re: about telnet

Just thinking of logging here: you will want to log the telnet users and the ssh users to syslog.

Here's a "gem" to think about from Bill Hassell.


http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=697894

HP-UX 11.11 uses PAM for all authentication. You can set logging options for ssh in /etc/opt/ssh/sshd_conf. For a normal login, you can add this to /etc/profile:

    TTY=$(tty)
    RHOST=$(who -muR | awk '{print $NF}')
    UID=$(id -ur)
    EUID=$(id -u)
    RUSER=$(id -un)
    logger -t "login-info" -p auth.info "logname=$LOGNAME uid=$UID euid=$EUID tty=$TTY ruser=$RUSER rhost=$RHOST"

This only writes a syslog message when the user is successful in getting a login.
Golf is a Good Walk Spoiled, Mark Twain.
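
Added example, not part of any post above: the SSH_CLIENT check from the accepted answer combined with the syslog line from the last post, written as functions for /etc/profile. RESTRICTED_USERS, the function names and the "login-gate" tag are assumptions; SSH_CONNECTION is a second variable OpenSSH sets and is checked alongside SSH_CLIENT.

```shell
# Added example for /etc/profile (root-owned), not code from the thread.
# RESTRICTED_USERS and all function names below are hypothetical.
RESTRICTED_USERS="splusername"   # space-separated; placeholder name from the thread

# is_restricted USER: returns 0 if USER is in RESTRICTED_USERS
is_restricted() {
    for _gate_u in $RESTRICTED_USERS; do
        [ "$_gate_u" = "$1" ] && return 0
    done
    return 1
}

# login_transport: prints "ssh" when sshd exported its variables, else "other"
login_transport() {
    if [ -n "${SSH_CLIENT:-}" ] || [ -n "${SSH_CONNECTION:-}" ]; then
        echo ssh
    else
        echo other
    fi
}

# gate_decision USER: prints "deny" for a restricted user on a non-ssh login
gate_decision() {
    if is_restricted "$1" && [ "$(login_transport)" != ssh ]; then
        echo deny
    else
        echo allow
    fi
}

# enforce_gate: record the decision in syslog, then end the session on deny
enforce_gate() {
    _gate_user=${LOGNAME:-$(id -un)}
    _gate_dec=$(gate_decision "$_gate_user")
    logger -t login-gate -p auth.info \
        "logname=$_gate_user transport=$(login_transport) tty=$(tty) decision=$_gate_dec" 2>/dev/null
    if [ "$_gate_dec" = deny ]; then
        echo "$_gate_user: login is only permitted over ssh" >&2
        sleep 2
        exit 1
    fi
}

# In /etc/profile, after the definitions above, call:
#   enforce_gate
```

Keep the check in /etc/profile rather than the user's own .profile, which the user can edit, and keep the syslog record so denied and allowed logins can both be reviewed.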