03-29-2006
Your /etc/hosts.deny file should look like this (lines without # in front of them):
ALL:ALL
This sets it so everything is denied from everywhere.
Then, you set up your hosts.allow to allow only what you want.
ALL: 127.0.0.1
This would allow ftp, telnet, ssh, r* commands, etc... to localhost from localhost (localhost should be the system you are working on).
If you have another system (PC, UNIX, whatever) that you want to add to allow it to telnet or ftp or ssh into this system, you have to add a line for it - by either putting in the IP or the IP range.
Let's say the other system has an IP of 192.168.0.100 and you want to ssh from it to the Linux system. On the Linux system, add the following to /etc/hosts.allow - this will allow ANY system within the IP range of 192.168.0.XXX to connect.
sshd: 192.168.0.
If you only want one IP to connect:
sshd: 192.168.0.100
These will allow ssh only - to have ftp or telnet, you would either change the sshd to ALL (NOT recommended) or add lines to specify each individual protocol you want to add. Suggest you start with one and add on as needed.
sshd: 192.168.0.100
in.ftpd: 192.168.0.100
in.telnetd: 192.168.0.100
in.rlogind: 192.168.0.100
LEARN ABOUT DEBIAN
socks_clients
SOCKS_CLIENTS(1) General Commands Manual SOCKS_CLIENTS(1)
NAME
rfinger - SOCKS client version of finger
rftp - SOCKS client version of ftp
rtelnet - SOCKS client version of telnet
rwhois - SOCKS client version of whois
SYNOPSIS
See the man pages on finger(1), ftp(1), telnet(1), whois(1).
DESCRIPTION
These programs provide the well-known functionalities to hosts within a firewall. Normally, when a firewall is constructed, IP-accessibility
across the firewall is cut off to reduce security risk to hosts within the firewall. As a result, inside hosts can no longer use many
of the well-known tools directly to access the resources outside the firewall.
These programs restore the convenience of the well-known tools while maintaining the security requirement. Though the programs differ very
much from their counterparts in the use of the communication scheme, they should behave almost indistinguishably to the users. Note though
that rftp does echo the password as you type it in if you are using anonymous as log-in name. Unlike those of the previous versions, these
are "versatile" clients, meaning that they can be used for connections to inside hosts directly and to outside hosts via SOCKS proxy
servers. So they can be used as replacements of their traditional counterparts.
When any of these programs starts, if the environment variable SOCKS_BANNER is defined, the program prints to stderr its version number and
the name or IP address of its default SOCKS proxy server. It then consults the configuration file to determine whether a request should be
allowed or denied based on the requesting user, the destination host, and the requested service. For allowable requests, the configuration
file also dictates whether direct or proxy connection should be used to the given destination, and optionally the actual SOCKS servers to
use for the proxy connection. The program looks first for the frozen configuration file /etc/socks.fc. If that's not found, it then
looks for the file /etc/socks.conf. If both files are absent, these programs will only try direct connections to the destination hosts,
making them behave like their regular counterparts.
You can use environment variable SOCKS_NS to set the nameserver for domainname resolutions. Be sure you use the IP address of the
nameserver you want to use, not its domainname. If SOCKS_NS doesn't exist, the IP address defined by the symbol SOCKS_DEFAULT_NS at compile
time is used if the programs were compiled with that symbol defined. Otherwise the nameservers specified in /etc/resolv.conf are used.
All the client programs use syslog with facility daemon and level notice to log their activities. These log lines usually appear in file
/var/adm/messages though that can be changed by modifying /etc/syslog.conf. (See syslogd(8) and syslog.conf(5).) Typical lines look like
Apr 11 10:02:23 eon rfinger[631]: connect() from don(don) to abc.com (finger) using sockd at socksserv
May 10 08:39:07 eon rftp[603]: connect() directly from blue(blue) to xyz.edu (ftp)
May 10 08:39:09 eon rftp[603]: bind() directly from blue(blue) for xyz.edu (ftp)
May 18 13:31:19 eon rtelnet[830]: connect() from root(jon) to xyz.edu (telnet) using sockd at sockd2
May 18 14:51:19 eon rtelnet[921]: refused -- connect() from jon(jon) to xyz.edu (telnet)
Of the two user-ids appearing in each log line, the first is the effective user-id when the program is invoked, the second (that within the
parentheses) is the one used at login. Access control applies to the effective user-ids.
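An added example, not part of the man page: a Python parser for the log format shown above that separates the effective user-id from the login user-id and reports refused requests and lines where the two ids differ. The sample lines are the ones quoted above; the function names and the finding labels are made up for this illustration.

```python
# Added example: parse SOCKS client syslog lines and surface the entries a
# reviewer would look at first. Names here are hypothetical, not from SOCKS.
import re

# Sample lines copied from the man page text above.
SAMPLE = """\
Apr 11 10:02:23 eon rfinger[631]: connect() from don(don) to abc.com (finger) using sockd at socksserv
May 10 08:39:07 eon rftp[603]: connect() directly from blue(blue) to xyz.edu (ftp)
May 10 08:39:09 eon rftp[603]: bind() directly from blue(blue) for xyz.edu (ftp)
May 18 13:31:19 eon rtelnet[830]: connect() from root(jon) to xyz.edu (telnet) using sockd at sockd2
May 18 14:51:19 eon rtelnet[921]: refused -- connect() from jon(jon) to xyz.edu (telnet)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>\w+)\[(?P<pid>\d+)\]: "
    r"(?P<refused>refused -- )?(?P<op>connect|bind)\(\) (?P<direct>directly )?"
    r"from (?P<euid>[^()\s]+)\((?P<login>[^()]+)\) (?:to|for) (?P<dest>\S+) "
    r"\((?P<service>[^)]+)\)(?: using sockd at (?P<proxy>\S+))?$"
)

def parse(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def review(lines):
    """List refused requests and lines whose effective id differs from the login id."""
    findings = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        if rec["refused"]:
            findings.append(("refused", rec["pid"], rec["euid"], rec["dest"]))
        # Access control is applied to the effective id, so a mismatch means
        # the decision was made for an identity other than the login user.
        if rec["euid"] != rec["login"]:
            findings.append(("uid-mismatch", rec["pid"], rec["euid"], rec["login"]))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE.splitlines()):
        print(finding)
```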
SEE ALSO
finger(1), ftp(1), sockd(8), sockd.conf(5), socks.conf(5), telnet(1), whois(1)
ENVIRONMENT
SOCKS_SERVER, if defined, specifies the name or IP address of the SOCKS proxy server host to use, overriding the default server compiled
into the programs.
SOCKS_NS, if defined, specifies the IP address of the domain nameserver that should be used for name resolution, overriding both the
definition of symbol SOCKS_DEFAULT_NS and the file /etc/resolv.conf.
ORIG_FINGER, if defined, specifies the (altered) full pathname of the original finger program, which should have been renamed before
installing the rfinger as the regular finger. The rfinger program invokes the original finger program to look up information on local users.
Normally this name should be compiled directly into rfinger, avoiding the need for this environment variable. Use ORIG_FINGER only if you
want to override what is compiled into rfinger.
AUTHOR
David Koblas, koblas@netcom.com
Ying-Da Lee, ylee@syl.dl.nec.com
May 6, 1996 SOCKS_CLIENTS(1)