
Restrict terminals for ftp/telnet

 

Hi,

We would like to limit/restrict the ftp/telnet access to a few terminals using the IP address. Can anyone guide me how to make it?

We are using HP-UX 11.0

TIA,
Hari
eran maor
Honored Contributor
Solution

Re: Restrict terminals for ftp/telnet

Hi

All of the internet services controlled by inetd (including telnet
and ftp) have their access controlled by the security file
/var/adm/inetd.sec. To restrict or allow particular access, specifically
list the service to be restricted, denied, or allowed. Then list specific IP
addresses for individual hosts or use network addresses to deny or allow entire
networks. Check the man pages on inetd.sec for more information on the
format of the file. The following is an example that will allow everything on
the 15.56 subnet and the single host 192.13.12.1 to telnet in.
Telnet sessions from all other hosts will be denied:

telnet allow 15.56.* 192.13.12.1

love computers
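
An added example, not part of any post in this thread: a small Python audit helper that evaluates an inetd.sec-style rule set, including the telnet line from the reply above, against a source address. It assumes the inetd.sec(4) behaviour that a `*` or `low-high` range may stand in for an address field, that the last line for a service is the one that applies, and that a service with no entry is open to all hosts; the ftp line and all function names are constructed for illustration, and host names in rules are not resolved.

```python
import ipaddress

# Constructed sample: the telnet rule quoted in the reply, plus a made-up ftp rule.
SAMPLE_INETD_SEC = """\
# service  allow|deny  host or network specifiers
telnet allow 15.56.* 192.13.12.1
ftp    deny  10.1.2.10-20
"""

def parse_inetd_sec(text):
    """Return {service: (action, [specifiers])}; a later line replaces an earlier one."""
    rules = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[1] in ("allow", "deny"):
            rules[fields[0]] = (fields[1], fields[2:])
    return rules

def field_matches(pattern, value):
    """Match one address field against '*', 'low-high' or a plain number."""
    if pattern == "*":
        return True
    if "-" in pattern:
        low, _, high = pattern.partition("-")
        return low.isdigit() and high.isdigit() and int(low) <= value <= int(high)
    return pattern.isdigit() and int(pattern) == value

def spec_matches(spec, octets):
    parts = spec.split(".")
    # A trailing '*' covers the remaining fields, so '15.56.*' is the whole 15.56 network.
    if parts[-1] == "*" and len(parts) < 4:
        parts += ["*"] * (4 - len(parts))
    if len(parts) != 4:
        return False  # host names and malformed specifiers never match here
    return all(field_matches(p, v) for p, v in zip(parts, octets))

def is_permitted(rules, service, addr):
    """True if a connection from addr to service would be accepted under rules."""
    octets = list(ipaddress.IPv4Address(addr).packed)  # raises ValueError on bad input
    if service not in rules:
        return True  # assumption: no entry means no restriction
    action, specs = rules[service]
    listed = any(spec_matches(s, octets) for s in specs)
    return listed if action == "allow" else not listed

if __name__ == "__main__":
    rules = parse_inetd_sec(SAMPLE_INETD_SEC)
    for svc, ip in [("telnet", "15.56.200.9"), ("telnet", "192.13.12.2"), ("ftp", "10.1.2.15")]:
        print(svc, ip, "permit" if is_permitted(rules, svc, ip) else "refuse")
```

Running a list of expected client addresses through a check like this before editing /var/adm/inetd.sec helps catch a rule that would lock out an administrative host.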
Herve BRANGIER
Respected Contributor

Re: Restrict terminals for ftp/telnet

Hi,

I don't know if HPUX 11 includes something to
do that. On all systems I have used, I install tcp
wrappers to do that.

You can find some information on forums to
get and install the tcp wrapper called tcpd (so
search for "tcpd").

You need the tcpd binary and to configure tcpd. After that,
you need to modify inetd.conf like this (for
the ftpd server):

ftp stream tcp nowait root /usr/lbin/ftpd -l

Becomes:
ftp stream tcp nowait root /etc/tcpd /usr/lbin/ftpd -l

In the second line ftpd is launched by tcpd, only
if you can connect to this service.

I don't know if it's possible to get a binary,
but I think you HAVE TO get the sources and compile
them yourself, ... for SECURITY reasons.

Hope it helps,

Herve


Re: Restrict terminals for ftp/telnet

eran maor,

Thanks for the quick answer. One more thing, is it possible to restrict the access to the user level also? Like, no one should use the 'root' account to FTP. How to make it?

TIA,
Hari
Herve BRANGIER
Respected Contributor

Re: Restrict terminals for ftp/telnet

Hi,

I think you can use /etc/ftpusers for ftp. In
this file you can specify users that COULDN'T
log in.

I don't know how to do that for telnetd.

Bye

Herve
eran maor
Honored Contributor

Re: Restrict terminals for ftp/telnet

Hi
Herve is right. You need to use /etc/ftpusers.

If you want to set up an account that can access only ftp and not telnet, use this:
1. Setup anonymous ftp.

2. Change the home directory for your user to that of ftp

Note: See /etc/passwd.

3. Change the shell to /usr/bin/false.

Note: This prevents the user from telnetting in, but does allow
the user to access the system via ftp. The user will
function as anonymous ftp; not having the ability to
navigate the system.
love computers
R Madhavan
Frequent Advisor

Re: Restrict terminals for ftp/telnet

To deny ftp but allow telnet, you can use the /etc/ftpusers file.
To deny telnet but allow ftp, use the /etc/ftpd/ftpaccess file. This gives an easy method for restricted ftp, but no telnet.