HPE Community
Operating System - HP-UX
1833776 Members
2130 Online
110063 Solutions
New Discussion

telnet security

 
SOLVED
Go to solution
Ming.Dynasty
Advisor

‎10-03-2006 09:06 PM

‎10-03-2006 09:06 PM

telnet security

Hi

for security reason,how can I deny a certain user telnet from a host to all other hosts?modify only can do in this host,any idea?
0 Kudos
5 REPLIES 5
Peter Godron
Honored Contributor

‎10-03-2006 09:30 PM

‎10-03-2006 09:30 PM

Re: telnet security

Hi,
the only way I know of and I have never used it in a real environment, is to create an ACL for the telnet command:

setacl -m user:fred:--- /usr/bin/telnet

This will give the user fred a message of "Permissions denied" when he issues the telnet command.
0 Kudos
spex
Honored Contributor

‎10-04-2006 12:14 AM

‎10-04-2006 12:14 AM

Re: telnet security

Hi,

If you are unable to use ACLs, you could create a telnet wrapper script.

#!/usr/bin/sh
TELNET=/obfuscated/path/to/telnet
DENIED_USER=user1
[[ "$(whoami)" = "${DENIED_USER}" ]] && echo "telnet denied" || ${TELNET}
exit

Move the telnet binary to an obscure directory that's not listed in ${PATH}. Save the script as /usr/bin/telnet.

PCS
0 Kudos
Ming.Dynasty
Advisor

‎10-04-2006 02:31 PM

‎10-04-2006 02:31 PM

Re: telnet security

Thanks for reply

but if the user ftp in a new telnet program,all modify will not work. anyway it works for rookies well. lol
0 Kudos
Robert Fritz
Regular Advisor

‎10-05-2006 03:42 AM

‎10-05-2006 03:42 AM

Solution

Re: telnet security

I don't think that limiting access to the client will be enough, since the user can easily install their own client, or compile their own locally.

I think you're only option is to use something like a restricted-shell for that user with a very carefully-crafted white-list of commands.

That said... I think your requirement may be going about it the wrong way. In general, the best security solutions rely on the resource to protect itself (in your case the hosts that you don't want the user to access). Going the other way around is asking for trouble... as one simple example illuminates...

Say you do a bunch of work to restrict telnet... the user plugs a laptop into a port on your network... and accesses the servers...

I'd think carefully about the threat you're trying to protect against, before investing in what could turn out to be a brittle solution.

Hope that helps,
-Robert
Those Who Would Sacrifice Liberty for Security Deserve Neither." - Benjamin Franklin
0 Kudos
Ming.Dynasty
Advisor

‎10-05-2006 01:22 PM

‎10-05-2006 01:22 PM

Re: telnet security

Sorted out

thanks all
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.