I'm using RedHat 9.0 Server. I want to grant FTP access to a particular user, say TEST, but disallow him Telnet access. As in, he should only be allowed to fetch files from the server, but should not be allowed to log in to the server for other activities. Hence I want to restrict TELNET access for him.
{ I know TELNET is not at all safe, but for the time being please consider this situation }
Remember please that others should be allowed to access the server using Telnet as well as FTP.
Thanks in advance.
Go into /etc/passwd and change the user's login shell (the last thing on the line, usually /bin/bash or /bin/sh) to /sbin/nologin. This should still allow ftp, I believe...
If that doesn't work, you might just install ssh because it's easy to deny user login. Just edit sshd_config and add a line DenyUsers username1 username2...
Not sure if there's a telnetd_config file or not...
I don't have the telnet service installed, so that may be why I couldn't find much information on telnet authentication. The manpage only mentions that you can query the server what authentication methods are supported and select the one to use. If PAM is supported, you can limit access by editing the /etc/security/groups.conf file. This would also allow you to control which terminal can be used and during which hours.
rfc-1416, rfc-1411 and rfc-1412 may provide more information on telnet authentication.
You do know that using ssh instead of telnet is cosmetically no different to the non-techy users. They just have to download a different client program. Instead of typing telnet hostname they type ssh hostname and then log in with their username and password. The only difference is that on Windows machines, they have to download and use Putty (in which case the command is putty hostname) or another ssh client instead of using the built-in telnet. They really shouldn't be able to tell the difference....
Of course, I could be misreading what you mean and you might mean that you have legacy applications that somehow interact with telnet and so you have to keep using it...
Yes, you are absolutely right and I agree with you by all means. I myself never use telnet anymore. But you didn't get me properly. Let me put it this way, a question to be answered.
A user TEST should be allowed FTP but denied TELNET at the same time to the same server?
Now we have to answer this quest without using any other tools, right?
Any solution now? Or just let me know where else to post this question, I mean any other good forums where you do get replies.
Sorry, I was just trying to think outside the box on this one as you seem well aware ssh is easier to manage than telnet.
Anyway, posting because I found a solution to your problem (at least assuming the user doesn't need to login at the keyboard ever).
1) edit /etc/passwd and change that particular user's login shell to /sbin/nologin (same as you did above)
2) edit /etc/shells and add the shell /sbin/nologin
When I try to login with ssh or telnet, my test user can't login. But when I login through ftp, I get access to my chroot jailed home directory.
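
An added example, not part of the original posts: a POSIX shell check for the two-step setup in the post above (nologin shell in /etc/passwd, that shell listed in /etc/shells). It assumes the FTP daemon consults /etc/shells, as many do through getusershell(3) or pam_shells; the function names and the sample accounts are made up for illustration.

```shell
#!/bin/sh
# Audit the "FTP yes, shell login no" setup. Paths default to the live
# files; pass other paths to run against copies.
NOLOGIN=/sbin/nologin

# Print the login shell (7th passwd field) of user $1 from passwd file $2.
user_shell() {
    awk -F: -v u="$1" '$1 == u { print $7; found = 1; exit }
                       END { exit !found }' "$2"
}

# Succeed if shell $1 appears as a whole line in shells file $2.
shell_listed() { grep -Fxq -- "$1" "$2"; }

# Classify user $1 and print one of:
#   ftp-only      shell is $NOLOGIN and it is listed in the shells file
#   ftp-blocked   shell is $NOLOGIN but not listed (step 2 is missing)
#   interactive   shell is anything else, so telnet/ssh logins still work
#   no-such-user
ftp_only_status() {
    user=$1 passwd=${2:-/etc/passwd} shells=${3:-/etc/shells}
    shell=$(user_shell "$user" "$passwd") || { echo no-such-user; return 1; }
    [ -n "$shell" ] || shell=/bin/sh        # an empty field means /bin/sh
    if [ "$shell" != "$NOLOGIN" ]; then
        echo interactive
    elif shell_listed "$shell" "$shells"; then
        echo ftp-only
    else
        echo ftp-blocked
    fi
}

# Constructed sample data (not from a real system), so this runs offline.
make_sample() {
    printf '%s\n' 'alice:x:500:500::/home/alice:/bin/bash' \
                  'test:x:501:501::/home/test:/sbin/nologin' > "$1/passwd"
    printf '%s\n' /bin/sh /bin/bash > "$1/shells"
}

d=$(mktemp -d) && make_sample "$d"
ftp_only_status test "$d/passwd" "$d/shells"   # before step 2
echo "$NOLOGIN" >> "$d/shells"                 # step 2 from the post
ftp_only_status test "$d/passwd" "$d/shells"   # after step 2
rm -rf "$d"
```

Run as root against the real files with `ftp_only_status TEST` after making both edits; the check treats only /sbin/nologin as a non-login shell.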