HPE Community
Operating System - HP-UX
1836647 Members
1800 Online
110102 Solutions
New Discussion

telnet hpux

 
SOLVED
Go to solution
kacou
Regular Advisor

‎05-27-2008 08:53 AM

‎05-27-2008 08:53 AM

telnet hpux

1- Is it possible to prevent all user to remoteconnect by telnet?
2- Is it possible to prevent the root to open two sections (or account) at the same moment?
0 Kudos
Reply
33 REPLIES 33
Pete Randall
Outstanding Contributor

‎05-27-2008 08:57 AM

‎05-27-2008 08:57 AM

Re: telnet hpux

1. comment telnet out of /etc/inetd.conf (see man 4 inetd.conf for more information.

2. you could probably add some scripting to /etc/profile to count and limit the number of root logins.


Pete

Pete
0 Kudos
Reply
Ivan Krastev
Honored Contributor

‎05-27-2008 08:58 AM

‎05-27-2008 08:58 AM

Re: telnet hpux

See /etc/default/security - http://docs.hp.com/en/B9106-90011/security.4.html


NOLOGIN
This parameter controls whether non-root login can be disabled by the /etc/nologin file.

NOLOGIN=0 Ignore the /etc/nologin file and do not exit if the /etc/nologin file exists.

NOLOGIN=1 Display the contents of the /etc/nologin file and exit if the /etc/nologin file exists.

Default value: NOLOGIN=0

For 2 - use wrapper script to count root login sessions.

regards,
ivan
0 Kudos
Reply
Sp4admin
Trusted Contributor

‎05-27-2008 09:38 AM

‎05-27-2008 09:38 AM

Re: telnet hpux

Hey Kacou,

You can turn off telnet in the /etc/inetd.conf file. On you second question I'm not sure.

sp.
0 Kudos
Reply
Pete Randall
Outstanding Contributor

‎05-27-2008 10:10 AM

‎05-27-2008 10:10 AM

Re: telnet hpux

The "nologin" parameter of the security file will, I believe, prevent all non-root logins rather than just telnet. I don't think that was the intent.


Pete

Pete
0 Kudos
Reply
kacou
Regular Advisor

‎05-27-2008 10:17 AM

‎05-27-2008 10:17 AM

Re: telnet hpux

Is it possible to prevent all user to remote connect by telnet or ssh? but i don't want to desable telnet or ssh
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎05-27-2008 10:24 AM

‎05-27-2008 10:24 AM

Re: telnet hpux

>> Is it possible to prevent all user to remote connect by telnet or ssh?

Sure, just don't set up accounts for those users or disable their accounts.
0 Kudos
Reply
kacou
Regular Advisor

‎05-27-2008 10:49 AM

‎05-27-2008 10:49 AM

Re: telnet hpux

what do you think about this parameter (NUMBER_OF_LOGINS_ALLOWED=0)in /etc/default/security?
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎05-27-2008 11:50 AM

‎05-27-2008 11:50 AM

Re: telnet hpux

Did you read the man page to see what that option means? If not, you should as it is very informative and you can form your own opinion.

# man security
0 Kudos
Reply
Sajjad Sahir
Honored Contributor

‎05-28-2008 02:42 AM

‎05-28-2008 02:42 AM

Re: telnet hpux

Dear Kacout

put # symbol in front of telnet in /etc/inetd.conf file once u made changes
run inetd -c command
0 Kudos
Reply
Syed Nazer Abbas
Advisor

‎05-28-2008 03:29 AM

‎05-28-2008 03:29 AM

Re: telnet hpux

1-/etc/nologin create the file and only one root user can login.
0 Kudos
Reply
kacou
Regular Advisor

‎05-28-2008 03:47 AM

‎05-28-2008 03:47 AM

Re: telnet hpux

It is just two persons that I want to forbid , not all users.
0 Kudos
Reply
Pete Randall
Outstanding Contributor

‎05-28-2008 03:56 AM

‎05-28-2008 03:56 AM

Re: telnet hpux

Are these two persons supposed to be able to log in by any other means other than telnet or ssh? If not, then Patrick hit the nail on the head - remove or lock their accounts and they will not be able to log in at all.

Another possibility is to have a global login script like /etc/profile, which would have code in it to reject these users' login attempts.


Pete

Pete
0 Kudos
Reply
kacou
Regular Advisor

‎05-28-2008 04:06 AM

‎05-28-2008 04:06 AM

Re: telnet hpux

the two users must log using another acount and do ''su''.
0 Kudos
Reply
Syed Nazer Abbas
Advisor

‎05-28-2008 10:04 PM

‎05-28-2008 10:04 PM

Re: telnet hpux

well you can lock the user account.. vipw and put # on start of the username then that user will be unable to login to system.
0 Kudos
Reply
kacou
Regular Advisor

‎05-29-2008 01:04 AM

‎05-29-2008 01:04 AM

Re: telnet hpux

HI SIED NAZER,

I have make as you said. but this user can't do ''su'' to log himself even if he logs at first by the root.

0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎05-29-2008 01:29 AM

‎05-29-2008 01:29 AM

Re: telnet hpux

>Syed: well you can lock the user account. vipw and put # on start of the username then that user will be unable to login to system.

This doesn't lock the user, it renames the user to "#whatever".

If you want to lock the user, you put a "*" before their password field.
0 Kudos
Reply
kacou
Regular Advisor

‎05-29-2008 01:37 AM

‎05-29-2008 01:37 AM

Re: telnet hpux

On the other hand I can not use 'su'. How can i resolve that?
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎05-29-2008 01:41 AM

‎05-29-2008 01:41 AM

Re: telnet hpux

>On the other hand I can not use 'su'. How can I resolve that?

su works fine to "*" out users. At least on a non-trusted system.
0 Kudos
Reply
Torsten.
Acclaimed Contributor

‎05-29-2008 01:42 AM

‎05-29-2008 01:42 AM

Re: telnet hpux

"I can not use 'su'"

Do you get any message?

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
Reply
kacou
Regular Advisor

‎05-29-2008 02:19 AM

‎05-29-2008 02:19 AM

Re: telnet hpux

see the message below:

# su jean
su: Unknown id: jean




0 Kudos
Reply
Torsten.
Acclaimed Contributor

‎05-29-2008 02:26 AM

‎05-29-2008 02:26 AM

Re: telnet hpux

User "jean" is not known by the system - did you modify /etc/passwd in any way?

Check this!

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
Reply
Torsten.
Acclaimed Contributor

‎05-29-2008 02:27 AM

‎05-29-2008 02:27 AM

Re: telnet hpux

Based on the earlier replies I think you have an user

#jean

now instead of

jean, right?

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
Reply
Syed Nazer Abbas
Advisor

‎05-29-2008 02:56 AM

‎05-29-2008 02:56 AM

Re: telnet hpux

user

passwd -l jean -- lock the user account.

Reply
kacou
Regular Advisor

‎05-29-2008 03:16 AM

‎05-29-2008 03:16 AM

Re: telnet hpux

I do not want that 'jean' connects by ' telnet '. But by another account, and make 'su jean ' later. i don't want to lock his acount for ever.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.