
Telnet access list

 
Khashru
Valued Contributor

Telnet access list

I want to disable telnet for all users except two users. I am using HP-UX 11.11. Can anyone please help? All other users will be using ssh.
Johnson Punniyalingam
Honored Contributor

Re: Telnet access list

Hi Khashru,

Step 1:- Enable the telnet service on your server

inetd.conf --> Edit the file and remove the # for the telnet service
Example :-
telnet stream tcp nowait root /usr/lbin/telnetd telnetd -b /etc/issue

>>I want to disable telnet for all user except two users>>

Step 2:- Edit /var/adm/inetd.sec --> security file
You can allow telnet from specific IP addresses

Step 3:-

inetd -c to refresh your settings so they take effect

Example :-
telnet allow 10.99.2.* 10.99.12.* 10.99.11.* 10.99.0.* 10.99.50.* 10.98.5.44

For more info, please see man inetd.sec

Thanks,
Best Regards,
Johnson
Problems are common to all, but attitude makes the difference
Khashru
Valued Contributor

Re: Telnet access list

Thanks for the reply. I can stop telnet from a specific host or IP using inetd.sec, but my requirement is that I need to stop it by using the user name.
Johnson Punniyalingam
Honored Contributor

Re: Telnet access list

In a script, pick up the process ID and its parent ID, and if the parent is telnetd then exit.

Just an idea.

or

you CAN do this with tcp_wrappers.

First - set up the hosts.deny as follows

telnetd : ALL

Then - set up the hosts.allow as follows

telnetd : menu@ALL

Of course this does nothing about FTP, rlogin, finger, etc. But you can tailor the files to cover those as well, or use inetd.sec to limit those in addition. And you could limit the user to a specific host or subnet:

telnetd : user@host1
telnetd : user@128.1.1



Thanks
Johnson
Problems are common to all, but attitude makes the difference
TTr
Honored Contributor
Solution

Re: Telnet access list

> I want to disable telnet
What about rlogin and ssh? Are they running as services?
> except two users
telnet is an IP based protocol which means it does not check the username when a connection is made. It relies on the login command to do the user authentication. So you have to do your restriction at the login level and not at telnet. You can put a test in /etc/profile (or /etc/login) and check the username and allow only those two users to continue login.
This will cover rlogin and remsh as well. SSH uses its own user authentication so you need to do something similar there.
Or delete all user accounts except those two users.
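
One way to write the /etc/profile test from the accepted answer, using the parent-process check suggested in the earlier reply. This is an added example, not code from any poster in the thread. The user names alice and bob are placeholders, and it assumes that the login shell's parent process is telnetd for telnet sessions and that ps needs UNIX95 set to accept -o on HP-UX.

```shell
# Fragment for /etc/profile (POSIX sh). Added example; adjust before use.
# Placeholder account names: the two users who may still log in over telnet.
TELNET_ALLOWED_USERS="alice bob"

# telnet_login_permitted USER PARENT_COMMAND
# Returns 0 if the login may continue, 1 if it must be refused.
telnet_login_permitted() {
    case $2 in
        telnetd|*/telnetd) ;;   # session came in through telnetd: check user
        *) return 0 ;;          # ssh, console, su, ...: not restricted here
    esac
    for _tl_allowed in $TELNET_ALLOWED_USERS; do
        [ "$1" = "$_tl_allowed" ] && return 0
    done
    return 1
}

# Print the command name of the process that started this shell.
# Assumption: login execs the shell, so for telnet logins this is telnetd.
parent_command() {
    UNIX95=1 ps -o comm= -p "$PPID" 2>/dev/null
}

# Ignore HUP, INT and QUIT while checking, so the test cannot be skipped
# by interrupting /etc/profile during login.
trap '' 1 2 3
if ! telnet_login_permitted "$(id -un)" "$(parent_command)"; then
    echo "Telnet login is not permitted for this account; use ssh." >&2
    exit 1                      # /etc/profile is sourced, so this ends the login
fi
trap - 1 2 3
unset _tl_allowed
```

Shells that do not read /etc/profile (csh, for example) are not covered and need the same test in their own system-wide login file.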