Security Basics mailing list archives

Re: restricting telnet via username

From: "Gabriel Orozco" <gabriel_orozco () mx sumida com>
Date: Mon, 1 Mar 2004 18:44:35 -0600

I think it's more or less simple:

for telnet / ssh, you only need to put a valid shell in /etc/passwd to
enable telnet. if you want to disable it, put /bin/false or an invalid shell
(the first it's my regular choice. do not forget to add /bin/false to
/etc/shells if you do not have it already there)

Gabriel Orozco
Sysadmin
SAM/IT

----- Original Message -----
From: "Gregory Dunlap" <gtdunlap () midsouth rr com>
To: "security-basics" <security-basics () securityfocus com>
Sent: Friday, February 27, 2004 10:55 PM
Subject: restricting telnet via username

Hello all,
  I'm attempting to restrict a telnet session of a group of users who
need to run one application on a server.  They login via telnet and that
is the only option at the moment.  They need to run a shell script and
then that will launch the app.  I've set the shell for these users to
the shell script so they won't have access to anything but this app.  I
would like to restrict the telnet daemon further to allow only certain
user names so they can't do a brute force attack.  In sshd_config I've
aways used allowd users setting but I don't see that in the hpux telnet
config.  Any help would be greatly appreciated.

Thanks,
Greg


--------------------------------------------------------------------------

--------------------------------------------------------------------------

--



---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.600 / Virus Database: 381 - Release Date: 28/02/2004


---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.

Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_security-basics_040301
----------------------------------------------------------------------------

Current thread:

restricting telnet via username Gregory Dunlap (Mar 01)
- Re: restricting telnet via username Ansgar -59cobalt- Wiechers (Mar 01)
- Re: restricting telnet via username Gabriel Orozco (Mar 02)
- RE: restricting telnet via username Aditya, ALD [Aditya Lalit Deshmukh] (Mar 03)
  - RE: restricting telnet via username Gregory Dunlap (Mar 04)
    - Re: restricting telnet via username Bob Radvanovsky (Mar 04)
- <Possible follow-ups>
- Re: restricting telnet via username Justin_Andrusk (Mar 01)
- Re: restricting telnet via username Gabriel Orozco (Mar 03)
- RE: restricting telnet via username Todd Fencl (Mar 04)
- RE: restricting telnet via username Bully Cillóniz (Mar 04)