- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Restrict set host login to remote node.
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-21-2009 09:11 PM
тАО05-21-2009 09:11 PM
Restrict set host login to remote node.
We don't want to login to remote servers thru set ho "remote server name".
Our enviornment use,
1.Telnet is disable in both servers (local & remote).
2.Decnet over IP configured - Don't want to disturb this setting.
3.Local & Bind database host entry - Don't want to disturb.
I verified the configuration ,found remote server entry is available in Decnet_regirster database
Can you please suggest, if i remove this entry then we will not be able to login via "set ho" to remove server.
Is there any other things we've to verify to accomplish this?
OVMS : V8.3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-21-2009 10:05 PM
тАО05-21-2009 10:05 PM
Re: Restrict set host login to remote node.
$ MC NCP show exec char
Look for this line.
Default access = incoming and outgoing
NCP>help set exec default
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-21-2009 10:51 PM
тАО05-21-2009 10:51 PM
Re: Restrict set host login to remote node.
$ mc ncl flush session control naming cache entry "*"
Why is it important to restrict the outgoing selection of a node/host ?
If you have access to a node (username/password), you could easily use SYLOGIN.COM to refuse users from a specific source to continue a login.
Hakan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-21-2009 11:09 PM
тАО05-21-2009 11:09 PM
Re: Restrict set host login to remote node.
to specifically block incoming sethost sessions, add this command to SYS$SYLOGIN (needs write access, eg SYSPRV to modify this file):
.
.
.
$ if f$extract(0,2,F$GETJI("","terminal") .eqs. "RT"
$ then
$ ! maybe some message here..
$ logout/brief
$ endif
.
.
.
Proost.
Have one on me.
jpe
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-21-2009 11:14 PM
тАО05-21-2009 11:14 PM
Re: Restrict set host login to remote node.
from your Forum Profile:
I have assigned points to 0 of 118 responses to my questions.
Maybe you can find some time to do some assigning?
http://forums1.itrc.hp.com/service/forums/helptips.do?#33
Mind, I do NOT say you necessarily need to give lots of points. It is fully up to _YOU_ to decide how many. If you consider an answer is not deserving any points, you can also assign 0 ( = zero ) points, and then that answer will no longer be counted as unassigned.
Consider, that every poster took at least the trouble of posting for you!
To easily find your streams with unassigned points, click your own name somewhere.
This will bring up your profile.
Near the bottom of that page, under the caption "My Question(s)" you will find "questions or topics with unassigned points " Clicking that will give all, and only, your questions that still have unassigned postings.
Thanks on behalf of your Forum colleagues.
PS. nothing personal in this. I try to post it to everyone with this kind of assignment ratio in this forum. If you have received a posting like this before please do not take offence none is intended!
PPS. Zero points for THIS entry, please.
Proost.
Have one on me.
jpe
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-22-2009 12:20 AM
тАО05-22-2009 12:20 AM
Re: Restrict set host login to remote node.
or having a look at the job-logicals SYS$REM_*
would be a better way of determing the source and protocol.
Hakan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-22-2009 01:45 AM
тАО05-22-2009 01:45 AM
Re: Restrict set host login to remote node.
First, for the sake of clarity, and the benefit of others who may be following this thread, now or in the future, we should refer to the command without any abbreviations. This is particularly important for the sake of those whose fluency in English is limited.
The abbreviated command is: SET HOST
There are several ways that the ability to login using SET HOST can be restricted.
The most obvious way, and the one with the least global impact is the use of restrictions on REMOTE login. This is administered from within the AUTHORIZE utility. This restricts the logins on an individual account basis to certain hours of the day.
If this is not an absolute ban, but a ban on certain nodes or from certain nodes, code can be inserted into the system-wide login file (generally SYS$MANAGER:SYLOGIN.COM) to check at each login. This can include checks against:
- which node the connection originates from (as was mentioned using the SYS$REM* logical names),
- the particular node is authorized for that account (e.g., does the user hold a certain rights identifier)
- or other criteria
One could also probably remove the process (REMACP) from the DECnet configuration. I would not recommend this as it affects all users, not just individual users.
- Bob Gezelter, http://www.rlgsc.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-24-2009 11:17 PM
тАО05-24-2009 11:17 PM
Re: Restrict set host login to remote node.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-25-2009 12:36 AM
тАО05-25-2009 12:36 AM
Re: Restrict set host login to remote node.
It's not entirely clear if you want to stop the SET HOST command from working, or if (instead) you want to block incoming SET HOST requests.
Assuming you want to block incoming SET HOST requests, here are few suggestions, in decreasing order of severity.
1. Delete (or rename) SYS$SYSTEM:REMACP.EXE. This is the program which receives incoming SET HOST connections.
Or ...
2. Edit SYS$MANAGER:RTTLOAD.COM to exit immediately. This procedure runs the REMACP program.
Or ...
3. Set the SYSGEN parameter RJOBLIM to 0. This parameter limits the number of concurrent incoming SET HOST connections.
Note that if you do 1 or 2, the system will continue to accept SET HOST logins until the next reboot. You can delete the REMACP process to prevent them.
Less drastic than all the above is to modify the system-wide SYLOGIN.COM procedure to force a logout if the user's terminal is an RT device. For example:
$ term = f$getdvi(0,"TERMINAL")
$ if f$locate("RTA",term) .lt. f$length(term)
$ then
$ logout
$ stop/id=0
$ endif
Regards,
Jeremy Begg
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-25-2009 01:25 AM
тАО05-25-2009 01:25 AM
Re: Restrict set host login to remote node.
No remote access at all ?
Just not telnet and decnet set host, but SET HOST/LAT is allowed ?
Only SSH as the remote access method ?
If the latter, then
AUTORIZE MODIFY user/NOREMOTE
will forbid all remote login but SSH for the specified user. Do this for all users once.
Do it also for user DEFAULT, then it is automatically for new users as well.
Through authorize You can e.g. let a door open for system management users in case SSH stops working.