HPE Community
Operating System - HP-UX
1836787 Members
2305 Online
110110 Solutions
New Discussion

How to block Telnet, SSH & FTP access in HP-UX 11

 
SomnathChakraborty
New Member

‎11-20-2008 10:16 AM

‎11-20-2008 10:16 AM

How to block Telnet, SSH & FTP access in HP-UX 11

Hi,

I want to block Telnet. FTP & ssh access from a particular IP. I don' have /var/adm/initd.sec file in my server. Pl help me out;

Somnath
0 Kudos
Reply
4 REPLIES 4
Ivan Krastev
Honored Contributor

‎11-20-2008 10:42 AM

‎11-20-2008 10:42 AM

Re: How to block Telnet, SSH & FTP access in HP-UX 11

For telnet: create /var/adm/inetd.sec - http://docs.hp.com/en/B9106-90011/inetd.sec.4.html

SSH - edit sshd_config and add:
DenyUsers user1, user2 ...

ftp - edit the ftpusers file http://docs.hp.com/en/B9106-90011/ftpusers.4.html


regards,
ivan

0 Kudos
Reply
rick jones
Honored Contributor

‎11-20-2008 04:39 PM

‎11-20-2008 04:39 PM

Re: How to block Telnet, SSH & FTP access in HP-UX 11

I'm not sure if it was available on 11.0 ("HP-UX 11" is a bit vague...) but ipfilter would be one way you could intercept and discard incoming traffic to the well known ports for Telnet, FTP and ssh from a given source IP.
there is no rest for the wicked yet the virtuous have no pillows
0 Kudos
Reply
Johnson Punniyalingam
Honored Contributor

‎11-20-2008 06:09 PM

‎11-20-2008 06:09 PM

Re: How to block Telnet, SSH & FTP access in HP-UX 11

Hi SomnathChakraborty,

>> I don' have /var/adm/initd.sec file in my server. Pl help me out;
<<

you copy that file from smilar server with same HPUX version.

Than you modify as per your requirement

Thanks,
Johnson
Problems are common to all, but attitude makes the difference
0 Kudos
Reply
Suraj K Sankari
Honored Contributor

‎11-20-2008 09:05 PM

‎11-20-2008 09:05 PM

Re: How to block Telnet, SSH & FTP access in HP-UX 11

Hi,

Put this entry into /var/adm/inetd.sec

ftp deny ipaddress
telnet deny ipaddress

see the below inetd.sec file from one of my server

monitor@testbox[/opt/ssh/etc] > cat /var/adm/inetd.sec
# @(#)B11.23_LRinetd.sec $Revision: 1.10.214.1 $ $Date: 96/10/08 13:20:06 $
#
#
# The lines in the file contain a service name, permission field and
# the Internet addresses or names of the hosts and/or networks
# allowed to use that service in the local machine.
# The form for each entry in this file is:
#
#
#
# For example:
#
# login allow 10.3-5 192.34.56.5 ahost anetwork
#
# The above entry allows the following hosts to attempt to access your system
# using rlogin:
# hosts in subnets 3 through 5 in network 10,
# the host with Internet Address of 192.34.56.5,
# the host by the name of "ahost",
# all the hosts in the network "anetwork"
#
# mountd deny 192.23.4.3
#
# The mountd entry denies host 192.23.4.3 access to the NFS rpc.mountd
# server.
#
# Hosts and network names must be official names, not aliases.
# See the inetd.sec(4) manual page for more information.
dtspc allow 127.0.0.1 loopback testbox


Suraj
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.