Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: telnet & ftp in linux AS4 with root account
Operating Systems Linux Red Hat telnet & ftp in linux AS4 with root account Post 302080713 by gautamatul82 on Thursday 20th of July 2006 08:53:58 AM
Old 07-20-2006
Hi,

As in the previous reply, we should not use FTP and TELNET as they are not that much secure rather you can use SSH that will allow you to log in to the machine and will also let you have the functionality of FTP with the implementation of SFTP which is already there into it.

Regarding that, you can try and use the steps given below ---

1) You can have TCP Wrappers for which you need to edit the /etc/hosts.allow file and append the IPs to which you want to give access. The format should be ---

<service> : <IP Address> : <allow/deny>

2) First make sure that the service SSH is running or not by using the command ---

# service sshd status

and if it is running then stop it.

3) Edit the file /etc/ssh/sshd_config

Change the parameters given below --

Port 22
Protocol 2,1
ListenAddress <IP Address>:22

PermitRootLogin yes

[This line controls the access to login to the machine as root. If you set "no" over here, then the root user will not be able to log in to the machine using SSH.]

NOTE : If you want to allow selected groups or users only, then under Authentication clause you should have the following and remember the groupnames or usernames should be separated by just a white space ---

AllowGroups <groupname....(s)>
e.g. AllowGroups sysadm wheel

AllowUsers localadmin sysadm
e.g. AllowUsers <username....(s)>

4) After editing the file, start the service by using the command --

# service sshd start

Now you should be able to use the SSH for both the purpose. Regarding sftp, you can get enough help from the man page itself.

If you need further help, do let me know.....



Cheers...

ATUL
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

FTP/TELNET on linux, not working

I'm trying to ftp to my linux box from windows and from unix and its not working. I can telnet just fine, but ftp doesn't work. Where should I start looking? What config file is it that controls the ftp? Why does telnet work and ftp not? I'm using redhat 6.1, samba's working for browsing the... (33 Replies)
Discussion started by: kymberm
33 Replies

2. Linux

Linux as FTP & Mail server

How do i setup my linux server to act as a internal ftp server. i have 30 machines who would want to log onto external ftp servers ( for hosting and stuff ). They would have to go through a ftp server on the network server to get outside to the internet? What program on linux would i use How... (6 Replies)
Discussion started by: perleo
6 Replies

3. Linux

Linux 7.3 & Sun Solaris 8 - common account login

is it possible to have an common login account for both linux and Solaris? Having problem in logging into linux, unable to load completely. home directory residue in Solaris 8, export out. No NIS running, only NFS in place. (6 Replies)
Discussion started by: jennifer
6 Replies

4. UNIX for Advanced & Expert Users

diable telnet & ftp

Hi All, I need to stop all the services for telnet & FTP as we want our server to be more secure. Please give me some steps for jumping to SSH protocol. How can i disable telnet & ftp service on my server. (1 Reply)
Discussion started by: pradeep_desh
1 Replies

5. Linux

how to configure linux AS4 as a router

Hi, anybody show me how to configure linux AS4 as a router. my linux server has 2 NICs, one connects to DSL modem (10.0.0.0/24) , and other one connects to private LAN (192.168.1.0/24). TIA Bong (2 Replies)
Discussion started by: bong02
2 Replies

6. UNIX for Dummies Questions & Answers

How to reactivate expired account in Linux as a root user

I am an administrator of a Red Hat Enterprise Linux system. Now one account expired. I wonder how to reactivate the account. Thanks (2 Replies)
Discussion started by: cy163
2 Replies

7. AIX

Can't login root account due to can't find root shell

Hi, yesterday, I changed root's shell in /etc/passwd, cause a mistake then I can not log in root account (can't find correct shell). I attempted to log in single-mode, however, it prompted for single-mode's password then I type root's password but still can not log in. I'm using AIX 5L version 5.2... (2 Replies)
Discussion started by: neikel
2 Replies

8. UNIX for Advanced & Expert Users

Different root password between ftp and telnet

Hello All, I hope somebody can help me I used to work to client using solaris 2.5.1 using telnet to explore disk and ftp to archive data. There is one tester which I can connect using root password using putty but always keep rejecting me when i'm using root password using FTP. Are the... (7 Replies)
Discussion started by: sawrio
7 Replies

9. Red Hat

startx by non-root user account in red hat linux kernel 2.6

How can I use the command "startx" by other user account such as "oracle" ?? I cannot startx by user account oracle ?? How to fix it ??? Any adivce ??? I use red hat linux kernel 2.6 $ startx Fatal server error: PAM authentication failed, cannot start X server. Perhaps you do... (0 Replies)
Discussion started by: chuikingman
0 Replies

10. Red Hat

RHEL 6 plain telnet & ftp servers

I am being pushed from AIX onto RHEL 6 and after our first 'chuck it on' install, I have a problem. Where is the old (okay insecure) telnet & ftp server? I know that they are probably regarded as archaic now, but the source servers do not have the SSH tools, so I've got to somehow transfer the... (4 Replies)
Discussion started by: rbatte1
4 Replies

LEARN ABOUT PLAN9

krb5_auth_rules

krb5_auth_rules(5)					Standards, Environments, and Macros					krb5_auth_rules(5)

NAME

       krb5_auth_rules - Overview of Kerberos V5 authorization

DESCRIPTION

       When  a	user  uses  kerberized	versions of the ftp, rdist, rcp, rlogin, rsh, or telnet clients to connect to a server, even if the user's
       claimed Kerberos V5 identity is authenticated, the user is not necessarily authorized. Authentication merely proves that the user  is  "who
       he says he is" to the Kerberos V5 authentication system. Authorization also needs to be done, since it determines if that Kerberos identity
       is permitted to access the Solaris user account that the client wants to access.

       Each user may have a private authorization list in a file ~/.k5login in his login directory (on the server). Each line in this file  should
       contain	a  Kerberos  principal name of the form principal/instance@realm. If the server finds a ~/.k5login file, then access is granted to
       the account if and only if the originating user is authenticated to one of the principals named in the ~/.k5login file.

       If there is no ~/.k5login file, the originating user will then be checked against the gsscred table (see gsscred(1M)).  If the  originating
       user's  Kerberos  V5  identity  is  in  the gsscred table, and if the UNIX user id in the gsscred table corresponds to the user account the
       client is trying access, then the originating user is granted access to the account on the server. If the UNIX user id does not match, then
       the originating user is denied access.

       For  example, suppose the originating user has a principal name of jdb@ENG.ACME.COM and the target account is jdb-user. If jdb@ENG.ACME.COM
       appears in the gsscred table with uid 23154 and if jdb-user appears in the user account database  (see  passwd(4))  with  uid  23154,  then
       access to account jdb-user is granted.  Of course, normally, the target account name in this example would be jdb and not jdb-user.

       Finally,  if there is no ~/.k5login file and if the originating user's Kerberos V5 identity is not in the gsscred table, then the user will
       be granted access to the account if and only if all of the following are true:

	 o  The user part of the authenticated principal name is the same as the target account name specified by the client.

	 o  The realm part of the client and server are the same.

	 o  The target account name exists on the server.

       For example, if the originating user has a principal name of jdb@ENG.ACME.COM and if the server is in realm SALES.ACME.COM,  then  even	if
       jdb  is	a  valid account name on the server, the client would be denied access. This is because the realms SALES.ACME.COM and ENG.ACME.COM
       differ.

FILES

       ~/.k5login      Per user-account authorization file.

       /etc/passwd     System account file. This information may also be in a directory service. See passwd(4).

ATTRIBUTES

       See attributes(5) for a description of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       ftp(1), rcp(1), rdist(1), rlogin(1), rsh(1), telnet(1), gsscred(1M), passwd(4), attributes(5), gss_auth_rules(5)

NOTES

       To avoid security problems, the ~/.k5login file must be owned by the remote user.

SunOS 5.10							    13 Apr 2004 						krb5_auth_rules(5)
All times are GMT -4. The time now is 05:04 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy