
ssh login

 
hemant_mopari
Contributor

ssh login

How can I disable all user telnet access to my system and configure ssh so that the users have to use ssh by default when they log in...

Please help
11 REPLIES 11
Geoff Wild
Honored Contributor

Re: ssh login

Install HP Secure Shell.

Comment out telnet from /etc/services and kill -HUP inetd

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
mohan singh
Frequent Advisor

Re: ssh login

Hemant,

To disable the telnet service, you need to disable the telnet services in the /etc/inetd.conf file.
And for ssh, you need to install ssh and configure it for each user.

Mohan
hemant_mopari
Contributor

Re: ssh login

Thanks for the reply.

SSH is already installed on my machine. How can I configure all users to use it? Also, I have made changes to the /etc/inetd file to disable telnet login.

Please help
Thanks
IT_2007
Honored Contributor

Re: ssh login

You need to modify the /etc/sshd/sshd.config file, but before you modify it, you had better read how to install and configure ssh; otherwise you won't know what you are doing with the config file.
Bill Hassell
Honored Contributor

Re: ssh login

And of course, your users must have an SSH client installed on their computers. Most terminal emulators do not have ssh capability. The latest versions of WRQ's Reflection (11.0 and higher), TinyTerm Plus, PuTTY, etc will support the SSH protocol (Windows does not have any internal SSH capability).


Bill Hassell, sysadmin
Mel Burslan
Honored Contributor

Re: ssh login

If I am understanding you correctly, you want your system to force people to use ssh when they telnet to this system. If this is what you are after, I can tell you that it is not going to happen. Forcing people to use ssh instead of telnet will take user education and user end client updates. And still some users will resist because they do not like the change. If someone is using a plain old Windows telnet client, telling them that they will have to use PuTTY because you require ssh connections will face a lot of resentment and resistance. This is why we are still keeping the telnet service running on our servers.

________________________________
UNIX because I majored in cryptology...
Steven E. Protter
Exalted Contributor

Re: ssh login

Shalom,

You should disable telnet, that's a good thing.

Even if you get ssh to listen on port 23 an attempted telnet connection will not receive any useful information.

The clients are not compatible.

This is a policy issue and your users need to be notified.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
GBR
Regular Advisor

Re: ssh login

Make it as easy as possible for the users to install an ssh client on their machines. Create a MoP (Method of Procedure) document and distribute it via e-mail. Indicate within the document how to install the ssh client and the proper configuration.

I think it is important to move from telnet to ssh. Security is crucial, as I'm sure you're aware, since this is the direction you want to head in.

GBR
Geoff Wild
Honored Contributor

Re: ssh login

Is SSH running?

ps -ef | grep "/opt/ssh/sbin/sshd"

If not, enable it:

set SSHD_START=1 in /etc/rc.config.d/sshd

/sbin/init.d/secsh start

All users can now use ssh

Disable telnet in /etc/inetd.conf and run inetd -c

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
DCE
Honored Contributor

Re: ssh login


You can also use TCP wrappers
http://h20293.www2.hp.com/portal/swdepot/searchProducts.do

to disable telnet in a more user friendly way
PAVIC Thierry
Frequent Advisor

Re: ssh login

1 - Deactivate telnet:
Edit your /etc/inetd.conf file and comment out the following line:
telnet stream tcp6 nowait root /usr/lbin/telnetd telnetd
After that, use the 'inetd -c' command in order to force it to read the changes.

2 - Check if the following product is on our server
T1471AA A.03.91.009 HP-UX Secure Shell

3 - Run the /opt/ssh/sbin/sshd daemon and try to connect to your server with an ssh client.

4 - Generate a key if you want to exchange information with scp or ssh with another account or server.
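
The two settings the replies above converge on (the telnet line commented out of /etc/inetd.conf, and SSHD_START=1 in /etc/rc.config.d/sshd) can be checked with a short POSIX shell audit. This is an added example, not code from any poster in this thread; the function names and the sample files it writes are constructed for illustration, and it reads copies of the files rather than the live ones.

```shell
#!/bin/sh
# Added example: audit copies of /etc/inetd.conf and /etc/rc.config.d/sshd.

# Exit 0 if FILE still has an active (uncommented) telnet entry.
telnet_enabled() {
    awk '$1 ~ /^#/ { next }            # commented-out line: service is off
         $1 == "telnet" { found = 1 }  # matches tcp and tcp6 entries alike
         END { exit (found ? 0 : 1) }' "$1"
}

# Exit 0 if the last uncommented SSHD_START assignment in FILE is 1.
sshd_enabled() {
    awk '$1 ~ /^SSHD_START=/ { v = $1; sub(/^SSHD_START=/, "", v)
                               gsub(/"/, "", v); last = v }
         END { exit ((last == "1") ? 0 : 1) }' "$1"
}

# Print one finding per check; return non-zero if either check fails.
audit_remote_login() {
    rc=0
    if telnet_enabled "$1"; then
        echo "FAIL: active telnet entry in $1 (comment it out, then run inetd -c)"; rc=1
    else
        echo "OK:   no active telnet entry in $1"
    fi
    if sshd_enabled "$2"; then
        echo "OK:   SSHD_START=1 in $2"
    else
        echo "FAIL: SSHD_START is not 1 in $2"; rc=1
    fi
    return $rc
}

# Constructed sample files (not from a real host): a "before" and an "after" state.
make_samples() {
    mkdir -p "$1"
    printf '%s\n' 'ftp    stream tcp6 nowait root /usr/lbin/ftpd    ftpd -l' \
                  'telnet stream tcp6 nowait root /usr/lbin/telnetd telnetd' > "$1/inetd.before"
    printf '%s\n' 'ftp    stream tcp6 nowait root /usr/lbin/ftpd    ftpd -l' \
                  '#telnet stream tcp6 nowait root /usr/lbin/telnetd telnetd' > "$1/inetd.after"
    printf '%s\n' '# SSHD_START=1 enables sshd' 'SSHD_START=0' > "$1/sshd.before"
    printf '%s\n' 'SSHD_START=1' > "$1/sshd.after"
}

dir=${TMPDIR:-/tmp}/sshaudit.$$
make_samples "$dir"
audit_remote_login "$dir/inetd.before" "$dir/sshd.before" || echo "=> telnet still on or sshd off"
audit_remote_login "$dir/inetd.after"  "$dir/sshd.after"  && echo "=> telnet off, sshd enabled"
rm -rf "$dir"
```
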