HPE Community
Operating System - HP-UX
1834026 Members
4863 Online
110063 Solutions
New Discussion

Re: Disabling users thru SSH and Telnet

 
Vijayakumar S
Advisor

‎03-18-2004 02:28 AM

‎03-18-2004 02:28 AM

Disabling users thru SSH and Telnet

Hi

Can any one guide me to disable particular users login thru SSH and Telnet. I dont want
to install any third party utility.

Thanks
vijay
0 Kudos
Reply
3 REPLIES 3
RAC_1
Honored Contributor

‎03-18-2004 02:45 AM

‎03-18-2004 02:45 AM

Re: Disabling users thru SSH and Telnet

Based on ip, you can deny telnet/ssh in /var/adm/indet.sec file. If you have ssh installed and that was compiled with tcp wrappers, you can deny allow users in /etc/hosts.allow and /etc/hosts.deny.

A quick check to check if your ssh is compiled with tcp wrappers or not?

Put ALL:ALL in /etc/hosts.deny file.
(Keep a session open before doing this.)

And try telnet/ssh to host.

You can allow/deny access to users to any of the services in /etc/hosts.allow and /etc/hosts.deny.

Anil
There is no substitute to HARDWORK
0 Kudos
Reply
Hazem Mahmoud_3
Respected Contributor

‎03-18-2004 02:47 AM

‎03-18-2004 02:47 AM

Re: Disabling users thru SSH and Telnet

There is a feature called tcpwrappers that you can enable on HP-UX. Through that, you can define your /etc/hosts.allow and /etc/hosts.deny files to allow/deny users access to network services on that machine. There are quite a few steps required to configure this. Basically, it allows you to have more control over services. What ends up happening is that services like telnet and ftp are actually started by the tcpd daemon (tcpwrapper daemon). Therefore, it allows you to put more control on these services, like access control.
If this sounds interesting to you and you want to set this up, let me know, and I can post the steps required.

-Hazem
0 Kudos
Reply
James A. Donovan
Honored Contributor

‎03-18-2004 03:44 AM

‎03-18-2004 03:44 AM

Re: Disabling users thru SSH and Telnet

Create a file called /usr/bin/nosh (permissions 555) and assign it as the users default shell in /etc/passwd.
If you have an /etc/shells file add /usr/bin/nosh to the end of it, to allow these users ftp access.

e.g.

#!/bin/sh
#
# ftponly shell
#
trap "/bin/echo Sorry; exit 0" 1 2 3 4 5 6 7 10 15
#
IFS=""
Admin=your-admin@some.domain.com
System=`/usr/bin/hostname`@`/usr/bin/domainname`
#
/bin/echo
/bin/echo "********************************************************************"
/bin/echo " You are NOT allowed interactive access to $System."
/bin/echo
/bin/echo " This account is restricted to ftp and web access."
/bin/echo
/bin/echo " Direct questions concerning this policy to $Admin."
/bin/echo "********************************************************************"
/bin/echo
#
# C'ya
#
exit 0


Remember, wherever you go, there you are...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.