HPE Community
Operating System - HP-UX
1825768 Members
3308 Online
109687 Solutions
New Discussion

Re: restrict the services

 
gany59
Regular Advisor

‎06-19-2009 11:21 AM

‎06-19-2009 11:21 AM

restrict the services

how to restrict the specific user for using telnet and ftp and ssh.. please let me know .. Maximum points assured
0 Kudos
Reply
2 REPLIES 2
Mel Burslan
Honored Contributor

‎06-19-2009 12:37 PM

‎06-19-2009 12:37 PM

Re: restrict the services

OS does not provide this functionality on username basis. You can use /var/adm/inetd.sec to limit users coming from IP addresses or ranges and what they can and can't do, just look at the examples in the file.

If you are keen on limiting on username basis, you need to develop a script logic, put it in the user's .profile and do not let them edit their own .profile (not a good idea) or put this in /etc/profile and check all users while logging in.

A last note, as a courtesy to the people contributing their valuable time to help you and likes of you, dangling points is not a very nice way to solicit help and may backfire. You may get plenty of responses from point hunters but not from the people who can give you the right answers in a way that you can understand. Do assign points to answers you receive according to their value but do not expect this to be a motivation factor for everyone. So far, what I have seen your earlier threads, your point assignments did not get you too many brownie points. So, if I were you I'd do an attitude adjustment. DO not take this as criticism but a friendly advice.
________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
Vivek Bhatia
Trusted Contributor

‎06-21-2009 09:48 PM

‎06-21-2009 09:48 PM

Re: restrict the services

Hi Gany,

1. If you want to block the ftp for root.

Edit the file "/etc/ftpd/ftpusers" and add root in this file to block ftp from root on the server.

2. Disable telnet for root.
Edit the file below.

# cat /etc/securetty
console

That will prevent root logging in directly from anywhere but the console. It will allow you to log in via telnet as a regular user and, if you know the root password, do a 'su -' to get to root.

3.Edit the sshd_config
vi /etc/ssh/sshd_config or /usr/local/etc/openssh/sshd_config

# To allow only certain users >> Allows only user1 and user2 to login via SSH

AllowUsers user1 user2 user3

# To block certain users >> Blocks only user5 and user6

DenyUsers user5 user6

Regards
Vivek
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.