
How to block Telnet, SSH & FTP access in HP-UX 11

 
SomnathChakraborty
New Member


Hi,

I want to block Telnet, FTP & ssh access from a particular IP. I don't have the /var/adm/initd.sec file on my server. Please help me out.

Somnath
4 REPLIES
Ivan Krastev
Honored Contributor

Re: How to block Telnet, SSH & FTP access in HP-UX 11

For telnet: create /var/adm/inetd.sec - http://docs.hp.com/en/B9106-90011/inetd.sec.4.html

SSH - edit sshd_config and add:
DenyUsers user1 user2 ...

ftp - edit the ftpusers file http://docs.hp.com/en/B9106-90011/ftpusers.4.html


regards,
ivan

rick jones
Honored Contributor

Re: How to block Telnet, SSH & FTP access in HP-UX 11

I'm not sure if it was available on 11.0 ("HP-UX 11" is a bit vague...) but ipfilter would be one way you could intercept and discard incoming traffic to the well known ports for Telnet, FTP and ssh from a given source IP.
there is no rest for the wicked yet the virtuous have no pillows
Johnson Punniyalingam
Honored Contributor

Re: How to block Telnet, SSH & FTP access in HP-UX 11

Hi SomnathChakraborty,

>> I don' have /var/adm/initd.sec file in my server. Pl help me out;
<<

You can copy that file from a similar server with the same HP-UX version.

Then modify it as per your requirement.

Thanks,
Johnson
Problems are common to all, but attitude makes the difference
Suraj K Sankari
Honored Contributor

Re: How to block Telnet, SSH & FTP access in HP-UX 11

Hi,

Put this entry into /var/adm/inetd.sec

ftp deny ipaddress
telnet deny ipaddress

See the inetd.sec file below from one of my servers:

monitor@testbox[/opt/ssh/etc] > cat /var/adm/inetd.sec
# @(#)B11.23_LRinetd.sec $Revision: 1.10.214.1 $ $Date: 96/10/08 13:20:06 $
#
#
# The lines in the file contain a service name, permission field and
# the Internet addresses or names of the hosts and/or networks
# allowed to use that service in the local machine.
# The form for each entry in this file is:
#
#
#
# For example:
#
# login allow 10.3-5 192.34.56.5 ahost anetwork
#
# The above entry allows the following hosts to attempt to access your system
# using rlogin:
# hosts in subnets 3 through 5 in network 10,
# the host with Internet Address of 192.34.56.5,
# the host by the name of "ahost",
# all the hosts in the network "anetwork"
#
# mountd deny 192.23.4.3
#
# The mountd entry denies host 192.23.4.3 access to the NFS rpc.mountd
# server.
#
# Hosts and network names must be official names, not aliases.
# See the inetd.sec(4) manual page for more information.
dtspc allow 127.0.0.1 loopback testbox


Suraj
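
Added example, not part of the thread or of any HP tool: a small Python checker that reads inetd.sec-style entries in the form shown in the file comments above and reports whether a given source IPv4 address would be permitted for a service, so a deny entry can be checked before it is relied on. Assumptions, based on inetd.sec(4): an allow entry admits only the listed addresses, a deny entry refuses only the listed ones, a service with no entry is unrestricted, a later entry for a service replaces an earlier one, and `*` matches any octet. Host and network names are not resolved, and the sample file is constructed.

```python
import ipaddress

# Constructed sample, not from a real server; 192.0.2.15 is a documentation address.
SAMPLE = """\
# comment lines are ignored
dtspc  allow 127.0.0.1 loopback testbox
ftp    deny  192.0.2.15
telnet deny  192.0.2.15 10.3-5
login  allow 10.3-5 192.34.56.5 ahost
"""

def parse(text):
    """Return {service: (action, [address fields])}; a later entry wins (assumption)."""
    rules = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[1] in ("allow", "deny"):
            rules[fields[0]] = (fields[1], fields[2:])
    return rules

def field_matches(field, ip):
    """Match a dotted field such as 10.3-5 or 192.0.2.* against an IPv4 address, as a prefix."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    parts = field.split(".")
    if len(parts) > 4:
        return False
    for part, octet in zip(parts, octets):
        if part == "*":
            continue
        lo, _, hi = part.partition("-")
        if not (lo.isdigit() and (hi.isdigit() or not hi)):
            return False          # host or network name: needs resolution, not handled here
        if not int(lo) <= int(octet) <= int(hi or lo):
            return False
    return True

def is_permitted(rules, service, ip):
    if service not in rules:
        return True               # no entry: inetd.sec places no restriction (assumption)
    action, fields = rules[service]
    listed = any(field_matches(f, ip) for f in fields)
    return listed if action == "allow" else not listed

if __name__ == "__main__":
    rules = parse(SAMPLE)
    for svc in ("ftp", "telnet", "login", "shell"):
        for ip in ("192.0.2.15", "10.4.7.9"):
            print(f"{svc:7} {ip:12} {'permit' if is_permitted(rules, svc, ip) else 'refuse'}")
```

The checker only models inetd.sec, so it says nothing about a service that is not started by inetd.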