Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Blocking ftp users to connect using telnet
Top Forums UNIX for Dummies Questions & Answers Blocking ftp users to connect using telnet Post 63264 by Perderabo on Wednesday 23rd of February 2005 05:07:09 PM
Old 02-23-2005
Quote:
Originally Posted by thumsup9
one other way:
go to the user's
".bash_profile" and adding in the line "exit" at the very end of the file.
It will act like it is starting a telnet session, then will drop them.

/home/username/.bash_profile is the path.
On the very last line type "exit", then save your changes.
But they can ftp in a new .profile and thus defeat this.

I like to use /bin/true and /bin/false for ftp shells. I put "true" in /etc/shells so a user with true can use ftp but cannot log in. If I want to lock them out of ftp as well, I can just switch the shell to "false".
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

How to Re-connect to floating telnet sessions

We use SCO OSR5 with TermLIte to create telnet sessions. If you accidently click X on the TermLite screen and exit the session you leave process running. I've heard of a program that will allow you to re-connect to these 'floating' sessions and then be able to carry on your session. Does anyone... (2 Replies)
Discussion started by: mikeh
2 Replies

2. Solaris

connect whit Telnet without password

It's possible to connect whit Telnet (or rlogin) whithout password??? I must write a script (this script run on a windows machine), then after the connection on Unix machine, run a perl script and exit. I can know if an host can be consedered "Trusted" like SSH protocol? Thanks! (2 Replies)
Discussion started by: raffyTxT
2 Replies

3. UNIX for Dummies Questions & Answers

telnet, ftp is running but can't connect from outside

Yesterday, I and all my users couldn't connect to my server using ssh, telnet or ftp even though they were running (keep getting "connection timed out" error message). This morning, my partner logon from the main console, restarted sshd and xinetd (I belive he didnt restarted the server), now I... (0 Replies)
Discussion started by: Micz
0 Replies

4. Shell Programming and Scripting

ftp script not able to connect to ftp server.

I have the following ftp script to get files from a remote location. However, on running the script I find that I am not even able to connect to ftp server. I am able to connect to ftp server using other GUI ftp tools like WS_FTP using the same IP. IP used here is a dummy IP. What can go... (3 Replies)
Discussion started by: gram77
3 Replies

5. UNIX for Dummies Questions & Answers

Blocking FTP login at Solaris

Hi, We have an application which runs on telnet port, application structure is file based, we have to give write permissions to all the users to all files so that they can work on the system. Recently we have noticed that all ordinary users can login through ftp and delete any file (... (7 Replies)
Discussion started by: nervous
7 Replies

6. Solaris

Non-blocking connect readability & writeability

Hello, When using a non-blocking connect, is it _guaranteed_ that connection completion can be detected by selecting for writeability? I have encountered situations where the socket has returned both readable and writeable at the same time - having trawled the net, I have seen some old posts... (1 Reply)
Discussion started by: tristan12
1 Replies

7. UNIX for Dummies Questions & Answers

Which program can I use for blocking unauthorized access via/ssh/ftp

Hi, I need to install a program on my Centos 5.3 server that will block unauthorized ssh/ftp access attempts. The two features I require is that I should be able to configure the program to block the IP of the intruder after a a certain amount of access attempts and that it should display a... (3 Replies)
Discussion started by: mojoman
3 Replies

8. Programming

non blocking connect

OS : solaris 10 X86 I created stream socket, tries to connect to port 7 on the remote machine. After doing the non blocking connect call I did select with time out value is 3 secs. I am always getting timed out though I am writing prior to select. code: x=fcntl(S,F_GETFL,0);... (1 Reply)
Discussion started by: satish@123
1 Replies

9. AIX

ftp connect in passive mode , ftp settings

how to connect to ftp server in passive mode? ftp server.abc and how can i see ftp settings, doesn't exist some ftpd.conf there is some other file where i check the options and configurations of ftp server? Thanks (3 Replies)
Discussion started by: prpkrk
3 Replies

10. Programming

Looping connect call for a non blocking socket

will there be any unexpected results on looping connect call for a non blocking socket to determine the connection based on error code. I am getting connection unsuccessful intermittently and so wondering whether is the timeout 500 millisec not sufficient or looping connect cause any unexpected. ... (7 Replies)
Discussion started by: satish@123
7 Replies

LEARN ABOUT CENTOS

socks_clients

SOCKS_CLIENTS(1)					      General Commands Manual						  SOCKS_CLIENTS(1)

NAME

       rfinger - SOCKS client version of finger
       rftp - SOCKS client version of ftp
       rtelnet - SOCKS client version of telnet
       rwhois - SOCKS client version of whois

SYNOPSIS

       See the man pages on finger(1), ftp(1), telnet(1), whois(1).

DESCRIPTION

       These  programs provide the well-known functionalities to hosts within a firewall. Normally, when a firewall is constructed, IP-accessibil-
       ity across the firewall is cut off to reduce security risk to hosts within the firewall. As a result, inside hosts can no longer  use  many
       of the well-known tools directly to access the resources outside the firewall.

       These  programs restore the convenience of the well-known tools while maintaining the security requirement. Though the programs differ very
       much from their counterparts in the use of the communication scheme, they should behave almost indistinguishable to the users. Note  though
       that  rftp does echo the password as you type it in if you are using anonymous as log-in name. Unlike those of the previous versions, these
       are "versatile" clients, meaning that they can be used for connections to inside hosts directly	and  to  outside  hosts  via  SOCKS  proxy
       servers. So they can be used as replacements of their traditional counterparts.

       When any of these programs starts, if the environment variable SOCKS_BANNER is defined, the program prints to stderr its version number and
       the name or IP address of its default SOCKS proxy server.  It then consults the configuration file to determine whether a request should be
       allowed	or denied based on the requesting user, the destination host, and the requested service. For allowable requests, the configuration
       file also dictates whether direct or proxy connection should be used to the given destination, and optionally the actual SOCKS  servers	to
       use for the proxy connection.  The program lookps first for the frozen configuration file /etc/socks.fc first. If that's not found, it then
       looks for the file /etc/socks.conf.  If both files are absent, these programs will only try direct connections to  the  destination  hosts,
       making them behaving like their regular counterparts.

       You  can  use  environment  variable SOCKS_NS to set the nameserver for domainname resolutions. Be sure you use the IP address of the name-
       server you want to use, not its domainname. If SOCKS_NS doesn't exist, the IP address defined by the  symbol  SOCKS_DEFAULT_NS  at  compile
       time is used if the programs were compiled with that symbol defined. Otherwise the nameservers specified in /etc/resolv.conf are used.

       All  the client programs uses syslog with facility daemon and level notice to log their activities.  These log lines usually appear in file
       /var/adm/messages though that can be changed by modifying /etc/syslog.conf. (See syslogd(8) and syslog.conf(5).)  Typical lines look like

	Apr 11 10:02:23 eon rfinger[631]: connect() from don(don) to abc.com (finger) using sockd at socksserv
	May 10 08:39:07 eon rftp[603]: connect() directly from blue(blue) to xyz.edu (ftp)
	May 10 08:39:09 eon rftp[603]: bind() directly from blue(blue) for xyz.edu (ftp)
	May 18 13:31:19 eon rtelnet[830]: connect() from root(jon) to xyz.edu (telnet) using sockd at sockd2
	May 18 14:51:19 eon rtelnet[921]: refused -- connect() from jon(jon) to xyz.edu (telnet)

       Of the two user-ids appearing in each log line, the first is the effective user-id when the program is invoked, the second (that within the
       parentheses) is the one used at login. Access control applies to the effective user-ids.

SEE ALSO

       finger(1),  ftp(1), sockd(8), sockd.conf(5), socks.conf(5), telnet(1), whois(1)

ENVIRONMENT

       SOCKS_SERVER,  if  defined,  specifies the name or IP address of the SOCKS proxy server host to use, overriding the default server compiled
       into the programs.

       SOCKS_NS, if defined, specify the IP address of the domain nameserver that should be used for name resolution, overriding both the  defini-
       tion of symbol SOCKS_DEFAULT_NS and the file /etc/resolv.conf.

       ORIG_FINGER,  if  defined,  specified  the  (altered)  full  pathname of the original finger program, which should have been renamed before
       installing the rfinger as the regular finger. The rfinger program invokes the original finger program to lookup information on local users.
       Normally  this  name should be compiled directly into rfinger, avoiding the need for this environment variable. Use ORIG_FINGER only if you
       want to override what is compiled into rfinger.

AUTHOR

       David Koblas, koblas@netcom.com

       Ying-Da Lee, ylee@syl.dl.nec.com

								    May 6, 1996 						  SOCKS_CLIENTS(1)
All times are GMT -4. The time now is 09:30 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy