
restrict remote login

 
Huyen Nguyen
Occasional Contributor

restrict remote login

This might be a trivial question, but does anyone know how to restrict remote login for a certain account so that users MUST "su" into the account instead of remote login?

Thanks!
3 REPLIES 3
Bill Hassell
Honored Contributor

Re: restrict remote login

There is no way to do this as there is for root. Requiring root to always use su is a common mechanism and is accomplished with either:

echo console > /etc/securetty

or

cat /dev/null > /etc/securetty

In the first case, root (or any login with UID=0) can log in to the console, but in the second case, root can never log in (pretty secure, eh?). Instead, users must log in as an ordinary user ID, then use su - root to attain root privileges, thus requiring two passwords and two logging steps.

For ordinary users, you would have to write special code in /etc/profile (and /etc/login.csh if necessary) to detect these special user(s) and give an error message when an incorrect login is attempted.


Bill Hassell, sysadmin
Wodisch
Honored Contributor

Re: restrict remote login

Hello Huyen,

In addition to Bill's answer, when you have X-Windows
(i.e. CDE) set up and running, your restricting code
has to go into "Xsetup" or "Xstartup" in the directory
"/etc/dt/config/" - when those scripts have an exit value
other than 0, they will deny login.

HTH,
Wodisch
Frank Li
Trusted Contributor

Re: restrict remote login

You mean that a certain user can only log in from the console or su?

You can revise /etc/profile to achieve this:

-=-=-=-=
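trap "" 1 2 3
# Put the real user account as username below
USER=username
HOSTNAME=$(hostname)
# Field 6 of the most recent "who -R" entry for $USER: the host it logged in from
Login_Host=$(who -R | grep "$USER" | tail -1 | awk '{print $6}')
# Non-empty only when the login host contains this machine's hostname
AllowLogin=$(echo "$Login_Host" | grep "$HOSTNAME")
if test -z "$AllowLogin"
then
# Not allowed in
echo "You are not allowed to login from $Login_Host as $USER"
exit
fi

# Restore default handling of signals 1, 2 and 3
trap 1 2 3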

-=-=-=-=-=

Now username is only allowed to log in on the console or through su.

Hi Friend
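
An added example, not part of the thread: the /etc/profile check discussed in the replies above, restructured as a shell function that decides from a single `who -R` line. The account names, hostnames and sample lines are constructed, and the six-field `who -R` layout is an assumption taken from the `awk '{print $6}'` in the post above.

```sh
# Added example, not from the thread. Assumed `who -R` field layout, as implied
# by awk '{print $6}' in the post: user tty month day time (origin-host)
RESTRICTED_USERS="appadm dbowner"   # hypothetical account names

# is_restricted USER: true only on an exact name match, so "appadm2" is not
# caught by a rule written for "appadm" (a plain grep would match both).
is_restricted() {
    for u in $RESTRICTED_USERS; do
        [ "$u" = "$1" ] && return 0
    done
    return 1
}

# origin_host LINE: field 6 of the who line with the parentheses stripped.
origin_host() {
    printf '%s\n' "$1" | awk '{ h = $6; gsub(/[()]/, "", h); print h }'
}

# login_allowed USER LOCAL_HOST WHO_LINE
# WHO_LINE is the utmp entry for the current terminal. After "su - USER" that
# entry still names the person who logged in, so the owner differs from USER.
login_allowed() {
    is_restricted "$1" || return 0            # account is not restricted
    owner=$(printf '%s\n' "$3" | awk '{print $1}')
    [ "$owner" = "$1" ] || return 0           # reached through su
    host=$(origin_host "$3")
    # Direct login: allow only with no origin host or this machine's own name
    # (whole-string compare; grep would accept "web1" inside "web10").
    [ -z "$host" ] || [ "$host" = "$2" ]
}

# Constructed sample lines for a machine whose hostname is "web1"
REMOTE='appadm     pts/2        Mar  3 09:14 (web10.example.com)'
CONSOLE='appadm     console      Mar  3 09:20 (web1)'
VIA_SU='jsmith     pts/4        Mar  3 09:31 (desk7.example.com)'
OTHER='appadm2    pts/5        Mar  3 09:40 (desk7.example.com)'

for line in "$REMOTE" "$CONSOLE" "$VIA_SU"; do
    if login_allowed appadm web1 "$line"; then verdict=allow; else verdict=deny; fi
    echo "$verdict: $line"
done
```

Like the original snippet, this only takes effect in login shells that read /etc/profile; csh users and CDE sessions need the equivalent check in the files named in the replies above.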