- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Restrict users to IP address
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-06-2004 03:47 AM
05-06-2004 03:47 AM
Hi all,
I was wondering if it is possible to restrict a user from telnetting to a HP-UX server from two IP address.
I've been looking at tcp wrappers and IPfilter\IPSec but to no avail.
I know a script can be written and added to the login process but this is a last resort.
Thanks in advance,
G.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-06-2004 03:51 AM
05-06-2004 03:51 AM
SolutionWell, the standard inetd.sec can only go down to hostname or IP granularity.
BUT tcp-wrappers *can* go down to user level.
You would set up the hosts.deny like:
telnetd : username@111.222.111.222 username@111.222.111.223
HTH,
Jeff
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-06-2004 03:56 AM
05-06-2004 03:56 AM
Re: Restrict users to IP address
telnet deny "ip1"
telnet deny "ip2"
OR hosts.deny, if you have tcp wrappers.
telnet : user@ip1, user@ip2
Anil
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-06-2004 10:45 PM
05-06-2004 10:45 PM
Re: Restrict users to IP address
That doesn't seem to work.
Is there some configuration changes required for the username lookup to work ?
G.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-07-2004 12:34 AM
05-07-2004 12:34 AM
Re: Restrict users to IP address
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-07-2004 01:53 AM
05-07-2004 01:53 AM
Re: Restrict users to IP address
Few things:
1) Run tcpdchk to verify the tcp-wrapper install & config
2) Make sure that inetd.conf is calling tcpd instead of telnetd - like
telnet stream tcp nowait root /opt/tcpwrapper/bin/tcpd telnetd
Of course use whatever is the actual path for your tcpd binary
3) If you've edited inetd.conf run inetd -c
4) Try nslookup those IPs & use the hostname instead of the IP
HTH,
Jeff
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-07-2004 02:09 AM
05-07-2004 02:09 AM
Re: Restrict users to IP address
I got it to work but it doesn't solve my problem.
A bit of background.
The connection I'm trying to make is from a wintel PC using a telnet session to a HP-UX server.
What was required to get it to work was a "ident service" running on the PC so it could send the username (username that was used to log onto PC)to the HP server for verifcation.
Once the username and IP address are verified a telnet session is granted to the PC from the server.
Here's the problem,
Once the telnet session is granted I can attempt to login onto the server with any username, not the username verified in the hosts.allow file.
Is is possible to use the login service with TCP wrappers.
In other words once the username and password have been enter and the return key press, is it possible then to check the username and IP address with TCP-wrappers or by other means.
Thanks,
G.