- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Restrict terminals for ftp/telnet
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-12-2001 11:35 PM
06-12-2001 11:35 PM
We would like to limit/restict the ftp/telnet access to few terminals using the IP Address. Can anyone guide me how to make it?
We are using HP-UX 11.0
TIA,
Hari
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-12-2001 11:43 PM
06-12-2001 11:43 PM
SolutionAll of the internet services controlled by inetd (including telnet
and ftp) have their access controlled by the security file
/var/adm/inetd.sec. To restrict or allow particular access, specifically
list the service to be restricted, denied, or allowed. Then list specific IP
addresses for individual hosts or use network addresses to deny or allow entire
networks. Check the man pages on inetd.sec for more information on the
format of the file. The following is an example that will allow everything on
the 15.56 subnet and the single host 192.13.12.1 to telnet in.
Telnet sessions from all other hosts will be denied:
telnet allow 15.56.* 192.13.12.1
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-12-2001 11:56 PM
06-12-2001 11:56 PM
Re: Restrict terminals for ftp/telnet
I don't know if HPUX 11 includes something to
do that. On all systems I used I install tpc
wrappers to do that.
You can find some informations on forums to
get and install tcp wrapper called tcpd (so you
search "tcpd").
You need binary tcpd and configure tcpd. After
you need to modify inetd.conf like that (for
ftpd server) :
ftp stream tcp nowait root /usr/lbin/ftpd -l
Become :
ftp stream tcp nowait root /etc/tcpd
/usr/lbin/ftpd -l
In the second line ftpd is launch by tcpd, only
if you can connect to this service.
I don't know if it's possible to get binary
but I think you HAVE TO get sources and compile
them yourself, ... for SECURITY reasons.
Hope it's help,
Herve
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-13-2001 12:17 AM
06-13-2001 12:17 AM
Re: Restrict terminals for ftp/telnet
Thanks for the quick answer. One more thing, is it possible to restrict the access to the user level also? Like, no one should use the 'root' account to FTP. How to make it?
TIA,
Hari
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-13-2001 12:32 AM
06-13-2001 12:32 AM
Re: Restrict terminals for ftp/telnet
I think you can use /etc/ftpusers for ftp. In
this file you can specify user that COULDN'T
login.
I don't know how to do that for telnetd.
Bye
Herve
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-13-2001 12:44 AM
06-13-2001 12:44 AM
Re: Restrict terminals for ftp/telnet
Herve is rigth . you need to use the /etc/ftpuser
if you want to set up acount that can access only the ftp and not telnet use this :
1. Setup anonymous ftp.
2. Change the home directory for your user to that of ftp
Note: See /etc/passwd.
3. Change the shell to /usr/bin/false.
Note: This prevents the user from telneting in, but does allow
the user to access the system via ftp. The user will
function as anonymous ftp; not having the ability to
navigate the system.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-13-2001 12:48 AM
06-13-2001 12:48 AM
Re: Restrict terminals for ftp/telnet
To deny telnet but allow ftp, use /etc/ftpd/ftpacees file. this gives a easy method for restricted ftp , but no telnet.