HPE Community
Operating System - HP-UX
1832617 Members
2922 Online
110043 Solutions
New Discussion

Re: disable telnet for a user

 
sheevm
Regular Advisor

‎12-14-2004 07:43 AM

‎12-14-2004 07:43 AM

disable telnet for a user

Hi!

I want to disable telnet access to a perticular user but this user should be able to login via SSH. How do I achieve this?

Thanks in advance for your help!!
Raji
be good and do good
0 Kudos
Reply
8 REPLIES 8
RAC_1
Honored Contributor

‎12-14-2004 07:57 AM

‎12-14-2004 07:57 AM

Re: disable telnet for a user

If this suer comes from a fixed ip_Adress/network, you can disbale telnet in /var/adm/inetd.sec file.
Else, you will have to install tcp wrappers and make use of /etc/hosts.allow and /etc/hosts.deny files.
If you have HP ssh installed, it has tcp wrappers in built. (You can prepare file /etc/hosts.deny with entry ALL:ALL to test it)
, prepare /etc/hosts deny file and deny user access to telnet.

Anil
There is no substitute to HARDWORK
0 Kudos
Reply
sheevm
Regular Advisor

‎12-14-2004 08:10 AM

‎12-14-2004 08:10 AM

Re: disable telnet for a user

Anil,

Can you please give me syntax to create the /etc/hosts.deny file? If I put

deny:ALL as per you does it deny everyone telnet access? I just want to deny telnet access to a perticular group/user.

Thanks
be good and do good
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎12-14-2004 08:27 AM

‎12-14-2004 08:27 AM

Re: disable telnet for a user

/var/adm/inetd.sec

Allows you to block certain users by ip address.

Otherwise you can code the /etc/profile or the .profile to check the login type and reject.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Rodney Hills
Honored Contributor

‎12-14-2004 08:29 AM

‎12-14-2004 08:29 AM

Re: disable telnet for a user

How about you reset the password for that user on the host that you don't want the user to connect.

If you have SSH configured right, then the password is no longer needed and if the user does not know the password of the host they are connecting to, they can't use telnet.

HTH

-- Rod Hills
There be dragons...
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎12-14-2004 06:02 PM

‎12-14-2004 06:02 PM

Re: disable telnet for a user

Hi Raji,

One way of doing it is to put some code in /etc/profile to see if the parent of the shell is 'telnetd' daemon and quit if it is. You obviously have to put some checks in there as you may not get the information first hand.

Otherwise, implement telnet through tcp_wrappers and adjust hosts.deny file. You can download tcp_wrappers from HP's porting site.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Nguyen Anh Tien
Honored Contributor

‎12-14-2004 07:35 PM

‎12-14-2004 07:35 PM

Re: disable telnet for a user

SSH and Telnet run on different port(telnet 23; ssh: 22 as default) so you can grant access list for each individually.
/var/adm/inetd.sec is able to block access for telnet and rlogin base on IP ( unable to block connection base on userID
2, You should try to user tcp_wrappers for performing you idea.
tienna.
HP is simple
0 Kudos
Reply
Suraj_2
Valued Contributor

‎12-14-2004 09:44 PM

‎12-14-2004 09:44 PM

Re: disable telnet for a user

HI Raji

Disabling telent for a perticular user can be done as follows.
1) put "exit 0" code in .profile of the user.
2)Change the shell of the user to something like
/usr/bin/false
(This will disable ftp access also. To enable only ftp not telnet , add the shell i.e./usr/bin/false to the /etc/shells file)

There may be other ways..

SSH no idea..

Hope this is helpful

Rgds
Suraj
0 Kudos
Reply
Jordan Bean
Honored Contributor

‎12-15-2004 11:32 AM

‎12-15-2004 11:32 AM

Re: disable telnet for a user

Assuming OpenSSH server, simply check for an sshd environment variable in the system's or user's profile.

if [ "$LOGNAME" == "joeuser" -a -z "$SSH_TTY" ]; then logout; fi

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.