LinuxQuestions.org


sachinh 05-16-2006 06:09 AM

Telnet-FTP combined query ??
 
Hi folks,

I'm using RedHat 9.0 Server. I want to grant FTP access to a particular user, say TEST, but disallow him Telnet access. As in, he should only be allowed to fetch files from the server, but should not be allowed to log in to the server for other activities. Hence I want to restrict TELNET access for him.
(I know TELNET is not at all safe, but for the time being please consider this situation.)
Remember please that others should be allowed to access the server using Telnet as well as FTP.
Thanks in advance.

pljvaldez 05-16-2006 12:25 PM

Go into /etc/passwd and change the user's login shell (the last thing on the line, usually /bin/bash or /bin/sh) to /sbin/nologin. This should still allow ftp, I believe...

If that doesn't work, you might just install ssh because it's easy to deny user login. Just edit sshd_config and add a line DenyUsers username1 username2...

Not sure if there's a telnetd_config file or not...

jschiwal 05-16-2006 01:26 PM

I don't have the telnet service installed, so that may be why I couldn't find much information on telnet authentication. The manpage only mentions that you can query the server for which authentication methods are supported and select the one to use. If PAM is supported, you can limit access by editing the /etc/security/groups.conf file. This would also allow you to control which terminal can be used and during which hours.

rfc-1416, rfc-1411 and rfc-1412 may provide more information on telnet authentication.

sachinh 05-17-2006 12:48 AM

Thanks pljvaldez & jschiwal,

Yes, I have already tried the nologin method, but it didn't work. Though it works well for TELNET, the FTP doesn't allow such logins.

SSHD is the better option, but like I said, this server has to use TELNET (being a traditional tool for the non-techy users).

I guess then there is no solution for this problem. Moderators/Experts, giving you all a last SOS .....

pljvaldez 05-17-2006 11:03 AM

You do know that using ssh instead of telnet is cosmetically no different to the non-techy users. They just have to download a different client program. Instead of typing telnet hostname they type ssh hostname and then log in with their username and password. The only difference is that on Windows machines, they have to download and use PuTTY (in which case the command is putty hostname) or another ssh client instead of using the built-in telnet. They really shouldn't be able to tell the difference....

Of course, I could be misreading what you mean and you might mean that you have legacy applications that somehow interact with telnet and so you have to keep using it...

sachinh 05-18-2006 02:25 AM

Hi pljvaldez,

Yes, you are absolutely right and I agree with you by all means. I myself never use telnet anymore. But you didn't get me properly. Let me put it this way, as a question to be answered:
A user TEST should be allowed FTP but denied TELNET at the same time to the same server?
Now we have to answer this question without using any other tools, right?
Any solution now? Or just let me know where else to post this question, I mean any other good forums where you do get replies.

Anyway, thanks for your interest so far.

pljvaldez 05-18-2006 12:37 PM

Sorry, I was just trying to think outside the box on this one as you seem well aware ssh is easier to manage than telnet.

Anyway, posting because I found a solution to your problem (at least assuming the user doesn't need to log in at the keyboard ever).

1) edit /etc/passwd and change that particular user's login shell to /sbin/nologin (same as you did above)
2) edit /etc/shells and add the shell /sbin/nologin

When I try to log in with ssh or telnet, my test user can't log in. But when I log in through ftp, I get access to my chroot jailed home directory.
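
An audit of the two-file change described in the thread, as an added example that is not part of the original posts. It assumes the FTP daemon refuses accounts whose shell is not listed in /etc/shells (for example via pam_shells or getusershell), which matches the behaviour reported above, and it goes one step further by listing every account that becomes FTP-eligible once /sbin/nologin is added. Function names, labels and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: file paths are arguments, so it can be run against copies.

# Login shell (7th passwd field) of USER; an empty field means /bin/sh.
shell_of() {
    awk -F: -v u="$1" '$1 == u { print ($7 == "" ? "/bin/sh" : $7); exit }' "$2"
}

# Succeeds if SHELL is a whole line of the shells file (comment lines skipped).
shell_listed() {
    grep -v '^[[:space:]]*#' "$2" | grep -qxF -- "$1"
}

is_nologin() {
    case "$1" in /sbin/nologin|/usr/sbin/nologin|/bin/false) return 0 ;; esac
    return 1
}

# classify USER PASSWD_FILE SHELLS_FILE -> one label on stdout
classify() {
    s=$(shell_of "$1" "$2")
    if [ -z "$s" ]; then echo "missing"; return 0; fi
    if is_nologin "$s"; then
        # No interactive session either way; FTP depends on the shells file.
        if shell_listed "$s" "$3"; then echo "ftp-only"; else echo "no-access"; fi
    else
        if shell_listed "$s" "$3"; then echo "interactive"; else echo "unlisted-shell"; fi
    fi
}

# Every account that passes the shell check without an interactive shell.
ftp_only_accounts() {
    cut -d: -f1 "$1" | while read -r u; do
        if [ "$(classify "$u" "$1" "$2")" = "ftp-only" ]; then echo "$u"; fi
    done
}

# Constructed sample data: passwd plus /etc/shells before and after step 2.
make_sample() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' 'bin:x:1:1:bin:/bin:/sbin/nologin' \
        'alice:x:500:500::/home/alice:/bin/bash' \
        'test:x:501:501::/home/test:/sbin/nologin' > "$1/passwd"
    printf '%s\n' '# constructed' /bin/sh /bin/bash > "$1/shells.before"
    printf '%s\n' '# constructed' /bin/sh /bin/bash /sbin/nologin > "$1/shells.after"
}

d=$(mktemp -d) && make_sample "$d"
for f in shells.before shells.after; do
    echo "$f: test=$(classify test "$d/passwd" "$d/$f")," \
         "ftp-only: $(ftp_only_accounts "$d/passwd" "$d/$f" | tr '\n' ' ')"
done
rm -rf "$d"
```

Because /etc/shells is global, system accounts that already use /sbin/nologin (bin in the sample) pass the same check, so the FTP daemon's own deny list should cover them.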


All times are GMT -5.