Operating System - HP-UX

restricting telnet access

 
A Pandey
Frequent Advisor

Hi All,

I want to restrict telnet access for everyone except myself (root) and some other users.

Everyone else uses telnets (secure telnet); however, they still have a telnet icon on their desktop, which will take weeks to remove (so says the Windows sys admin).

thanks,

ap.
George_Dodds
Honored Contributor
Solution

Re: restricting telnet access

You can either use tcpwrappers or edit each user's profile to restrict telnet access.
DCE
Honored Contributor

Re: restricting telnet access

Use TCP wrappers

Download and install the TCP Wrapper depot from the HP website


The files are installed in two directories
/usr/lbin
/usr/newconfig/etc

Make the following directories
/usr/lbin/wrapper
/usr/local/sbin/messages
/usr/local/sbin/messages/reject

Move the original telnet daemon file
mv /usr/lbin/telnetd /usr/lbin/wrapper/telnetd

Copy the tcpd file
cp /usr/lbin/tcpd /usr/lbin/telnetd

Copy the configuration files
cp /usr/newconfig/etc/hosts.allow /etc/hosts.allow
cp /usr/newconfig/etc/hosts.deny /etc/hosts.deny
cp /usr/newconfig/etc/tcpd.conf /etc/tcpd.conf

Customize the /etc/hosts.allow file
Add the following line to the end of the file:

telnetd : hostnames

Customize the /etc/hosts.deny file
Add the following line to the end of the file:
telnetd : ALL : BANNERS /usr/local/sbin/messages/reject

Customize the /etc/tcpd.conf file
Remove the remark from the rfc931_timeout line

Create the BANNER file
The file name must be the same as the daemon being manipulated - in this case telnetd
Change to /usr/local/sbin/messages/reject
Create a file called telnetd with the following entry:

WARNING!!

The system you are attempting to connect to does not allow telnet sessions


Force the inet daemon to re-read the configuration file

inetd -c
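
Added example, not part of DCE's post or of HP's TCP Wrappers depot: a shell function that audits the layout the steps above produce, including the case where hosts.allow itself opens telnetd to ALL. The function names, the ROOT prefix argument, the host name adminhost.example.com and the value on the rfc931_timeout line are assumptions made for the example.

```sh
#!/bin/sh
# Added example: audit the telnetd wrapper layout from the steps above.
# ROOT is a path prefix; pass "" to audit the live system as root.
# Returns the number of failed checks (0 = layout matches the steps).

_chk() {  # _chk DESCRIPTION COMMAND [ARGS...]
    _desc=$1; shift
    if "$@" >/dev/null 2>&1; then echo "OK    $_desc"
    else echo "FAIL  $_desc"; _fails=$((_fails + 1)); fi
}
# True when no line of file $2 matches pattern $1.
_absent() { if grep -Ei "$1" "$2"; then return 1; fi; return 0; }

check_telnetd_wrapper() {
    _r=$1; _fails=0; _s='[[:space:]]*'; _all='ALL([[:space:]:,]|$)'
    _chk "real daemon moved to /usr/lbin/wrapper/telnetd" \
        test -f "$_r/usr/lbin/wrapper/telnetd"
    _chk "/usr/lbin/telnetd is a copy of tcpd" \
        cmp -s "$_r/usr/lbin/tcpd" "$_r/usr/lbin/telnetd"
    _chk "hosts.allow has a telnetd rule" \
        grep -Ei "^${_s}telnetd${_s}:" "$_r/etc/hosts.allow"
    # hosts.allow is consulted first, so an ALL client list there
    # would override the deny rule.
    _chk "hosts.allow does not open telnetd to ALL" \
        _absent "^${_s}(telnetd|ALL)${_s}:${_s}${_all}" "$_r/etc/hosts.allow"
    _chk "hosts.deny refuses telnetd from ALL" \
        grep -Ei "^${_s}(telnetd|ALL)${_s}:${_s}${_all}" "$_r/etc/hosts.deny"
    _chk "rfc931_timeout is uncommented in tcpd.conf" \
        grep -E "^${_s}rfc931_timeout" "$_r/etc/tcpd.conf"
    _chk "reject banner file for telnetd is non-empty" \
        test -s "$_r/usr/local/sbin/messages/reject/telnetd"
    return "$_fails"
}

make_sample_tree() {  # constructed sample files, not from a real host
    _t=$1
    mkdir -p "$_t/usr/lbin/wrapper" "$_t/etc" \
        "$_t/usr/local/sbin/messages/reject"
    echo "stand-in for real telnetd" > "$_t/usr/lbin/wrapper/telnetd"
    echo "stand-in for tcpd" > "$_t/usr/lbin/tcpd"
    cp "$_t/usr/lbin/tcpd" "$_t/usr/lbin/telnetd"
    echo "telnetd : adminhost.example.com" > "$_t/etc/hosts.allow"
    echo "telnetd : ALL : BANNERS /usr/local/sbin/messages/reject" \
        > "$_t/etc/hosts.deny"
    echo "rfc931_timeout 10" > "$_t/etc/tcpd.conf"
    echo "WARNING!!" > "$_t/usr/local/sbin/messages/reject/telnetd"
}

demo=${TMPDIR:-/tmp}/wrapcheck.$$
(umask 077; mkdir "$demo") || exit 1
make_sample_tree "$demo"; check_telnetd_wrapper "$demo"; rm -rf "$demo"
```

These rules match on the client host, not on the user logging in, so the check confirms host-level restriction only.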


baiju_3
Esteemed Contributor

Re: restricting telnet access

Check out the inetd.sec file.

See man inetd.sec: you can allow telnet from a particular host and disable it from all other hosts on the network.


thx,
bl.
Good things Just Got better (Plz,not stolen from advertisement -:) )
Ivan Ferreira
Honored Contributor

Re: restricting telnet access

It will be a little hard to restrict by user; what you could do is check whether you can pass the telnet daemon the port to listen on, and change it. Configure your sessions to connect to the specified port. Anyway, tcpwrappers seems to be more appropriate.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?