
telnet

 
amit singh_3
Advisor

telnet

How to block the user from accessing the
system through telnet.
how to restrict the user from using the telnet
utility?

Amit Singh
19 REPLIES 19
Jean-Luc Oudart
Honored Contributor

Re: telnet

If you know the user's IP@
change /var/adm/inetd.sec

man inetd.sec


Regards,
Jean-Luc
fiat lux
Mark Grant
Honored Contributor

Re: telnet

Or if it's to stop everyone using it, comment out the telnetd entry in /etc/inetd.conf and restart inetd.
Never precede any demonstration with anything more predictive than "watch this"
amit singh_3
Advisor

Re: telnet

You're not getting me,
what I want to say is that...
I am having a user "ana" & "root" from the other servers. I want that they should not do the telnet to my servers.
What should I do?

Amit Singh
Naveej.K.A
Honored Contributor

Re: telnet

Why would you like to stop telnet for a particular user? Then what access do you want to give the user other than telnet?

Is it permanent or temporary?
type:

> home directory of user/logout

this will create a file logout in the user's home directory

and then put this entry in the .profile of the user's home directory.

if (test -f logout)
then exit 0
fi

to enable access to the user remove the file logout from the home directory of the user.

with best wishes.
naveej


practice makes a man perfect!!!
Mourad Derriche
Occasional Advisor

Re: telnet

As suggested, use /var/adm/inetd.sec to restrict inbound access.

Regarding limiting the use of the telnet application, it's another matter where you have the option to incorporate a set of different approaches. Each approach has some cons.

1) Completely remove telnet from the system.

2) Move the telnet binary to a directory which is only accessible by certain users.

3) Wrap the telnet binary in a script.

4) Set up a jailed shell, which doesn't include the binary.

No matter which approach you choose, you have to ensure that the user isn't able to transfer data to the account, otherwise the user would be able to circumvent the restriction by uploading a binary with telnet capabilities.
Read between the lines...
Naveej.K.A
Honored Contributor

Re: telnet

In your case, as you know from where the user is going to telnet and with what user name the user is going to log in..

You can easily set up a script in the .profile of the home directory of the user or in /etc/profile, which matches the IP address and the user name by executing whoami and who -u and hence denies access...

With best wishes
naveej
practice makes a man perfect!!!
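
A sketch of the profile check suggested in the post above, as an added example that is not part of the original thread. The deny list, function names, addresses and sample who lines are constructed, and it assumes the last field of a who -u line is the remote host. The check only covers sessions that actually read the profile, so it complements /var/adm/inetd.sec rather than replacing it.

```shell
#!/bin/sh
# Added example: login-time deny check for a user/source-host pair.
# All names and addresses below are constructed for illustration.

# Constructed deny list: "user:source-host" pairs, one per line.
DENY_LIST='ana:10.1.1.20
root:10.1.1.20
ana:10.1.1.21'

# session_host TTY WHO_OUTPUT
# Print the last field of the who line for TTY (assumed to be the remote host).
session_host() {
    printf '%s\n' "$2" | awk -v tty="$1" '$2 == tty { print $NF; exit }'
}

# is_denied USER HOST
# Exit status 0 when the exact pair is on the deny list.
is_denied() {
    printf '%s\n' "$DENY_LIST" | grep -Fqx "$1:$2"
}

# check_login USER TTY WHO_OUTPUT
# Print "deny" or "allow" for the session on TTY.
check_login() {
    host=$(session_host "$2" "$3")
    if [ -n "$host" ] && is_denied "$1" "$host"; then
        echo deny
    else
        echo allow
    fi
}

# How it would be wired into /etc/profile (not executed here):
#   trap '' 1 2 3 15          # keep the check from being interrupted
#   tty=$(tty | sed 's|^/dev/||')
#   if [ "$(check_login "$(whoami)" "$tty" "$(who -u)")" = deny ]; then
#       echo "Access from this host is not permitted."; exit 1
#   fi
```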
amit singh_3
Advisor

Re: telnet

In Linux we are having the /etc/xinetd.d/telnet in which we can specify the UIDs which are allowed to the system.
Does HP-UX have that kind of functionality? That's what I want to know.

Also, if I want to block the root from the
other system for doing the telnet to my machine, I can edit the /etc/securetty file
in Linux and remove the line "telnet" from that, but what to do in HP-UX?


Amit Singh
Jean-Luc Oudart
Honored Contributor

Re: telnet

on HPUX

/etc/securetty
one line
console

so only root cannot telnet from a remote system. You will have to telnet as another user then su for root.

Regards,
Jean-Luc
fiat lux
Shaikh Imran
Honored Contributor

Re: telnet

Hi,
For telnet restrictions try from SAM
for denying root telnet access just create a file /etc/securetty and add "console" with the following command:
# echo "console" > /etc/securetty

Reg
I'll sleep when i am dead.
KapilRaj
Honored Contributor

Re: telnet

Can think of installing "SSH" and disabling telnet. I think ssh can have such controls, though not tested.

Regds,

Kaps
Nothing is impossible
amit singh_3
Advisor

Re: telnet

Hey Jean, I agree with you, but what about the
normal user? If I want that the particular user should not do the telnet to my machine
then which file should I change?

Amit singh
Shaikh Imran
Honored Contributor

Re: telnet

The /etc/securetty file is for root only and normal users can login from any other pc but root can only login through console.
You can use a normal user login and use su to get the root login if required.

Reg
I'll sleep when i am dead.
Jean-Luc Oudart
Honored Contributor

Re: telnet

If you have /etc/default/security setup

remove/rename this user home directory and amend the security file with :
ABORT_LOGIN_ON_MISSING_HOMEDIR=1
Therefore the user with no valid home directory will fail to login.

Jean-Luc
PS : I haven't tried myself, this is from documentation
check this link
http://www.interex.org/pubcontent/enterprise/jul01/09uxqa.html

fiat lux
amit singh_3
Advisor

Re: telnet

hey jean,

Thanks for your help.
But would you tell me what will happen if I put the name of the user in /etc/nologin.
& do you have any document on these things.
I will be thankful to you.

byeeeee

Amit Singh
KapilRaj
Honored Contributor

Re: telnet

a file /etc/nologin will reject all users except root from logging onto the node

I never tried inserting a userid out there

Kaps
Nothing is impossible
Suresh Patoria
Super Advisor

Re: telnet

Hi

Make the comment in /etc/services and /etc/inetd.conf file

Thanx
Jean-Luc Oudart
Honored Contributor

Re: telnet

Hi Amit,

as mentioned /etc/nologin is too extreme for what you are looking for.
In my previous post I mentioned another possibility (even though I have not tested it!).

Also, you should assign points to the forumers who contributed to your threads.

Regards,
Jean-Luc
fiat lux
Robert-Jan Goossens
Honored Contributor

Re: telnet

Hi Amit,

Block one user for telnet, but he can still use ftp ?

change his shell entry in the /etc/passwd file to /usr/bin/false.

Robert-Jan
amit singh_3
Advisor

Re: telnet

Hey Robert,

If I am changing the shell entry in passwd file then how will he be getting the shell
whenever he is logging in?
Another thing is that if that user is from the other server, then?
I think this is not the permanent solution to this.

Amit Singh