HPE Community
Operating System - HP-UX
1834354 Members
1893 Online
110066 Solutions
New Discussion

Re: How to disable a certain user to telnet to the server?

 
SOLVED
Go to solution
yyghp
Super Advisor

‎05-31-2006 08:04 AM

‎05-31-2006 08:04 AM

How to disable a certain user to telnet to the server?

I would like to block a certain user from logging into a server via "telnet", no matter this user tries to login from different clients. And I have to keep other users to be able to telnet the server.
What's the best way to achieve this?
Thanks!
0 Kudos
Reply
10 REPLIES 10
Torsten.
Acclaimed Contributor

‎05-31-2006 08:24 AM

‎05-31-2006 08:24 AM

Re: How to disable a certain user to telnet to the server?

The only way to do this is to delete the users account from this server, I guess.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
Reply
Rick Garland
Honored Contributor

‎05-31-2006 08:26 AM

‎05-31-2006 08:26 AM

Solution

Re: How to disable a certain user to telnet to the server?

Create a function in the /etc/profile.

if [ $LOGNAME == "acct" ]
then
not allowed to login on this server
sleep 3
exit
fi

(Double check the test syntax)

Reply
Michael Steele_2
Honored Contributor

‎05-31-2006 08:28 AM

‎05-31-2006 08:28 AM

Re: How to disable a certain user to telnet to the server?

On a lab machine fool around with /var/adm/inetd.sec and deny any specific ip address. In this case the work station ip.

telnet deny 123.345.56.7 987.87.5.322 584.485.5.7
Support Fatherhood - Stop Family Law
0 Kudos
Reply
Torsten.
Acclaimed Contributor

‎05-31-2006 08:36 AM

‎05-31-2006 08:36 AM

Re: How to disable a certain user to telnet to the server?

Telnet is quite old and not designed for security, only for functionality.

I would extend Ricks post with an "echo" or something like that, but Michaels post assumes a certain IP address, this will other users stop too.

If you dislike the user, delete his account ;-))

Do you know the "operator from hell"?

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎05-31-2006 09:42 AM

‎05-31-2006 09:42 AM

Re: How to disable a certain user to telnet to the server?

Shalom,

passwd -l username

Lock the account.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Michael Steele_2
Honored Contributor

‎05-31-2006 10:19 AM

‎05-31-2006 10:19 AM

Re: How to disable a certain user to telnet to the server?

inetd.sec will deny all telnet access or only one specific ip address.

telnet deny (* all telnet *)
telnet deny ip (* only that ip *)

There is also tcpwrappers.

http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=TCPWRAP
Support Fatherhood - Stop Family Law
0 Kudos
Reply
Sanjay_6
Honored Contributor

‎05-31-2006 11:08 AM

‎05-31-2006 11:08 AM

Re: How to disable a certain user to telnet to the server?

hi,

If you change the shell of this user to /usr/bin/false and add /usr/bin/false to the /etc/shells file, the user would not be able to do a telnet to the system. do you want to allow him to do a ssh or any other type of connection at all.

Hope this helps.

regds
0 Kudos
Reply
GBR
Regular Advisor

‎06-01-2006 06:08 AM

‎06-01-2006 06:08 AM

Re: How to disable a certain user to telnet to the server?

I like SEP's idea. That way you can enable the account at some point in the future, without wiping out the account.

Disable user %> passwd -l user
Enable user %> passwd user

GBR
0 Kudos
Reply
Torsten.
Acclaimed Contributor

‎06-01-2006 07:47 AM

‎06-01-2006 07:47 AM

Re: How to disable a certain user to telnet to the server?

I would like to know why you want to disable the telnet access for this user and if the user have to access the server in different ways. This will decide the option.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎06-01-2006 12:30 PM

‎06-01-2006 12:30 PM

Re: How to disable a certain user to telnet to the server?

I guess this is too simple: change the user's password. If the user knows multiple user logins (especially root), I would consider this a security issue and deal with the user. I would hope that your system does NOT have any duplicate logins:

logins -d

again, a serious security risk, just as having a lot of users login with the same user ID (a shared login).


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.