HPE Community
Operating System - HP-UX
1833358 Members
3400 Online
110051 Solutions
New Discussion

Restricted login to server

 
yulianto piyut
Valued Contributor

‎10-04-2009 10:51 PM

‎10-04-2009 10:51 PM

Restricted login to server

hi all,

how to restricted user login to server hp-ux ?
I want to restricted some user to login to server.

-yut-
0 Kudos
Reply
11 REPLIES 11
Md. Farhan A Azam
Trusted Contributor

‎10-04-2009 11:08 PM

‎10-04-2009 11:08 PM

Re: Restricted login to server

Hi,

What type of restriction you are asking about...

Is this FTP user or Telnet, SSH.

What is the OS version.


thnx...farhan
0 Kudos
Reply
Hakki Aydin Ucar
Honored Contributor

‎10-04-2009 11:16 PM

‎10-04-2009 11:16 PM

Re: Restricted login to server

OR do you mean with restricted users SAM restricted user:

SAM - system administration manager

# sam -f
## Execute SAM with the privileges associated
with the specified login. When used in
conjunction with -r, the Restricted SAM
Builder is invoked and initialized with the
privileges associated with the specified
login.

# sam -r
## Invoke the Restricted SAM Builder. This
enables the system administrator to provide
limited non-superuser access to SAM
functionality.
0 Kudos
Reply
yulianto piyut
Valued Contributor

‎10-04-2009 11:18 PM

‎10-04-2009 11:18 PM

Re: Restricted login to server

to deny ssh login, but user still can sftp & scp.
0 Kudos
Reply
Hakki Aydin Ucar
Honored Contributor

‎10-04-2009 11:41 PM

‎10-04-2009 11:41 PM

Re: Restricted login to server

You must be clear what you want first then:

You should always block access to root user/group:
Open /etc/ssh/sshd_config file:

# vi /etc/ssh/sshd_config

Append following names (directives):

DenyUsers user1 user2

0 Kudos
Reply
Hakki Aydin Ucar
Honored Contributor

‎10-04-2009 11:50 PM

‎10-04-2009 11:50 PM

Re: Restricted login to server

oops..

I was in Linux box when I trying it, apparently it is not good for HP UX:

check this post and its attachments :

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=851253
0 Kudos
Reply
yulianto piyut
Valued Contributor

‎10-05-2009 12:41 AM

‎10-05-2009 12:41 AM

Re: Restricted login to server

hi,

editing sshd_config and add "DenyUsers username" can restricted some user to login to server, but user can not make sftp or scp to server. I just tried it.
0 Kudos
Reply
F Verschuren
Esteemed Contributor

‎10-05-2009 12:54 AM

‎10-05-2009 12:54 AM

Re: Restricted login to server

you can change the .profle of this user and put exit in there.

sftp does not go true the profile and ssh is.. so will exit.
Be aware that the user is able to change its profile whit sftp...

an other option is to create a sftponly shell. this is some work (not able to give a exapmel ad this moment)
0 Kudos
Reply
Kapil Jha
Honored Contributor

‎10-05-2009 12:59 AM

‎10-05-2009 12:59 AM

Re: Restricted login to server

You can try to put shell as false, and it owuld not allow the user to get a shell.
I suppose user can do sftp etc.

BR,
Kapil+
I am in this small bowl, I wane see the real world......
0 Kudos
Reply
F Verschuren
Esteemed Contributor

‎10-05-2009 12:59 AM

‎10-05-2009 12:59 AM

Re: Restricted login to server

I was mistaking about the shell. is is not al lot of work, just put the shell on
/usr/bin/false
and make sure /usr/bin/false is not in the /etc/shells file.

a exit 0 in the .profile is a extra (that alsow will work....

0 Kudos
Reply
Hakki Aydin Ucar
Honored Contributor

‎10-05-2009 01:14 AM

‎10-05-2009 01:14 AM

Re: Restricted login to server

Hi again,

maybe this docs OR similar in docs.hp.com will be useful as supplementary support :

http://docs.hp.com/en/5991-7517/ch01s04.html
0 Kudos
Reply
Hakki Aydin Ucar
Honored Contributor

‎10-05-2009 03:16 AM

‎10-05-2009 03:16 AM

Re: Restricted login to server

I somehow found sshd_config commands.
Attached.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.