HPE Community
Operating System - HP-UX
1838365 Members
3122 Online
110125 Solutions
New Discussion

how to disable root user ftp 、ssh和telnet

 
huaxiang
Frequent Advisor

‎04-18-2009 02:04 AM

‎04-18-2009 02:04 AM

how to disable root user ftp 、ssh和telnet

1、version:11.31;
2、root user ftp and ssh disable;
3、all user telnet disable;
4、whichi conifg file ?

0 Kudos
Reply
3 REPLIES 3
Robert-Jan Goossens
Honored Contributor

‎04-18-2009 02:41 AM

‎04-18-2009 02:41 AM

Re: how to disable root user ftp 、ssh和telnet

Hi,

2 you can create a /etc/securetty file with the console, root will only able to login from console or with "su - " and/or sudo to become root.

# echo console > /etc/securetty

3 - Comment out the following line in the /etc/inetd.conf and run "inetd -c" to let inetd reread the configuration file.

#telnet stream tcp6 nowait root /usr/lbin/telnetd telnetd

Regards,
Robert-Jan
0 Kudos
Reply
Emil Velez
Honored Contributor

‎04-19-2009 07:04 AM

‎04-19-2009 07:04 AM

Re: how to disable root user ftp 、ssh和telnet

Configure telnet and ftp to use tcpwrapper

man tcpd (you edit /etc/inetd.conf)


(It should be installed with 11.31 just not configured)

That way you use hosts.allow and hosts.deny

for SSH you have the sshd_config that should be able to prevent root or any other user logins via ssh.
0 Kudos
Reply
Suraj K Sankari
Honored Contributor

‎04-19-2009 10:08 PM

‎04-19-2009 10:08 PM

Re: how to disable root user ftp 、ssh和telnet

Hi,
>>2ã root user ftp and ssh disable;

Restrict root login to the console
/etc/securetty is used by the login command; the file contains the device names of tty lines (one per line,
without leading /dev/) on which root is allowed to login. We only allow the console.
# echo console > /etc/securetty
# chmod 400 /etc/securetty

>>3ã all user telnet disable;

Telnet disabled

This means telnet should not be running. Comment out telnet line in /etc/inetd.conf and run "inetd
-c" Test by trying to telnet to the host.

Suraj
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.