09-21-2009
Force user to use ssh/prevent telnet access
I have just set up a user on our system HP-Thru64. The user needs to be able to su to root after they login and this works fine. Users cannot login from root externally so you have to first connect as a user and then su. I am wondering is it possible for me to prevent the user from having telnet access over port 23 and force them to use port 22. Currently a user can login in using regular telnet and then su which I figure is dangerous, I would like them to have to use ssh (port 22).
Also is it possible to force a user to have ftp access only, actually I should say sftp.
Thanks in advance
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Just took over a UNIX Server from someone who left our company.
Having problems with access by some existing users as well as new users.
I get the following message from telnet sessions, when attempting access at the "Login:" prompt:
"UX:in.login:ERRO: Login incorrect"
"telnetd:Unable to... (2 Replies)
Discussion started by: Vincent Garcia
2 Replies
2. Cybersecurity
Hi,
We have a user who needs to connect to us over the internet using an ssh client. We use HP-UX 11.00.
We set up a home directory with login and password for them. We would not want to give them full roaming access for the server ie, they should not be able to cd up the directory tree.
... (2 Replies)
Discussion started by: Bab00shka
2 Replies
3. Shell Programming and Scripting
Hi,
I am writing a script on Solaris 10 and want to execute a remote ssh command. Normally this command should just return the value 0000000000002356 but when using ssh it seems it is passing the result to the shell to execute.
ssh root@10.5.112.145 `/usr/bin/nawk -F\, '$1=="USG" && $2=="01"... (3 Replies)
Discussion started by: borderblaster
3 Replies
4. UNIX for Advanced & Expert Users
I have one shell script which is being accessed by many jobs at same time.
I want to make the script such that , other job should wait for the script if script is being used by some other job. Is there any way to implement it in script level ?
Gops (1 Reply)
Discussion started by: Gopal_Engg
1 Replies
5. Shell Programming and Scripting
Hi Team,
we have problem with sftp. Though SA team has setup the keys between 2 server, sftp still prompts for the password. After many attempt to rectify the problem, SA has asked us force the SSH key based authentication by using following command.
sftp2 --indetity="folder/private_key"... (6 Replies)
Discussion started by: ace_friends22
6 Replies
6. AIX
Hello everyone,
Can anyone help me please. I want to disable SSH direct access for an AIX user.
For example, if I have USER1 and USER2. I want to disactivate direct access for USER2. The user must enter his login (USER1) and his password and then he can do su - USER2 .
Thanks, (3 Replies)
Discussion started by: adilyos
3 Replies
7. Red Hat
does anyone know how to force ssh/ssl to use the hosts file instead of DNS? I have disabled the DNS servers but ssh still will not resolve a host in the hosts file.
thanks in advance for the help!
DS (3 Replies)
Discussion started by: derrell simpson
3 Replies
8. Shell Programming and Scripting
I want to test the effectiveness of sshguard on some of my systems so I'm trying to write a script that simulates a brute force attack by sending a bunch of different username and password combinations to the servers being tested. So far I have this:
#!/usr/local/bin/expect
set timeout 3... (5 Replies)
Discussion started by: ph0enix
5 Replies
9. IP Networking
I would like to disable X11 session forcefully. I have tried the following things:
1. Setting appropriate DISPLAY variable in the /etc/environment file to be "0.0"
2. I have tried setting the sshd_config parameter X11Forwarding to be "no"
This session communication is happening by exchanging... (2 Replies)
Discussion started by: vaibhavvsk
2 Replies
10. UNIX for Advanced & Expert Users
Hi Experts,
Need your support
Redhat 6.5
I want to create a user with all(read, write, execute) privileges except that user should not be able to create any new user from his login
to perform any task. (10 Replies)
Discussion started by: as7951
10 Replies
CHSH(1) User Commands CHSH(1)
NAME
chsh - change login shell
SYNOPSIS
chsh [options] [LOGIN]
DESCRIPTION
The chsh command changes the user login shell. This determines the name of the user's initial login command. A normal user may only change
the login shell for her own account; the superuser may change the login shell for any account.
OPTIONS
The options which apply to the chsh command are:
-h, --help
Display help message and exit.
-R, --root CHROOT_DIR
Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory.
-s, --shell SHELL
The name of the user's new login shell. Setting this field to blank causes the system to select the default login shell.
If the -s option is not selected, chsh operates in an interactive fashion, prompting the user with the current login shell. Enter the new
value to change the shell, or leave the line blank to use the current one. The current shell is displayed between a pair of [ ] marks.
NOTE
The only restriction placed on the login shell is that the command name must be listed in /etc/shells, unless the invoker is the superuser,
and then any value may be added. An account with a restricted login shell may not change her login shell. For this reason, placing /bin/rsh
in /etc/shells is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell
back to its original value.
FILES
/etc/passwd
User account information.
/etc/shells
List of valid login shells.
/etc/login.defs
Shadow password suite configuration.
SEE ALSO
chfn(1), login.defs(5), passwd(5).
shadow-utils 4.5 01/25/2018 CHSH(1)