Re: restricting telnet via username

[Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>]

On 2004-02-27 Gregory Dunlap wrote:
> I'm attempting to restrict a telnet session of a group of users who
> need to run one application on a server.  They login via telnet and
> that is the only option at the moment.  They need to run a shell
> script and then that will launch the app.  I've set the shell for
> these users to the shell script so they won't have access to anything
> but this app.  I would like to restrict the telnet daemon further to
> allow only certain user names so they can't do a brute force attack.
> In sshd_config I've aways used allowd users setting but I don't see
> that in the hpux telnet config.  Any help would be greatly
> appreciated.

You can configure the system to only allow telnet connections from
specific hosts through hosts.allow or (x)inetd, but I don't know if it
is possible to restrict login on a per-user basis. Anyway I would
*strongly* recommend using ssh instead. Why is telnet your only option
at the moment? There is an HP-UX port of OpenSSH available from [1].

[1] http://hpux.asknet.de/hppd/hpux/Networking/Admin/openssh-3.7.1p2/

Regards
Ansgar Wiechers

---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.

Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_security-basics_040301
----------------------------------------------------------------------------