Can I restrict IP and AIX account at the same time?


 
# 1  
Old 05-10-2016

Hi Everyone,

I want to know whether it is possible to restrict user login to AIX by IP and user name.

e.g.

user alice can login to AIX (via ssh or telnet) from 192.168.1.100
user alice can not login to AIX (via ssh or telnet) from 172.16.1.100

user bob can not login to AIX (via ssh or telnet) from 192.168.1.100
user bob can login to AIX (via ssh or telnet) from 172.16.1.100

--
Thanks for reading.
# 2  
Old 05-10-2016
# 3  
Old 05-10-2016
Hi dukessd,

Thanks for your reply.

But when I use AIX filtering (ipsec), I can only restrict the IP address.

How do I restrict a specific user's login?
For example:
user alice can login to AIX (via ssh or telnet) from 192.168.1.100
user bob can not login to AIX (via ssh or telnet) from 192.168.1.100

I do not want to block all users from logging in to AIX from 192.168.1.100.
# 4  
Old 05-11-2016
For ssh you can try something like
Code:
...
AllowUsers alice@192.168.1.100
...

in your /etc/ssh/sshd_config.

Last edited by zaxxon; 05-11-2016 at 04:39 AM.. Reason: typo
These 2 Users Gave Thanks to zaxxon For This Post:
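
Added example, not part of zaxxon's post or of OpenSSH: a small shell model of how `AllowUsers` is evaluated, run over a constructed config for the alice/bob scenario in the question, showing that once the directive is present every unlisted account (root included) is refused. It assumes literal addresses and `*`/`?` wildcards only; CIDR, negation and `DenyUsers`/`AllowGroups` are not modelled, and the function names are hypothetical.

```sh
#!/bin/sh
# Constructed sshd_config excerpt for the alice/bob scenario in the question.
SAMPLE_CONFIG='# /etc/ssh/sshd_config (constructed excerpt)
Port 22
AllowUsers alice@192.168.1.100
AllowUsers bob@172.16.1.100'

# Print every AllowUsers pattern, one per line. Keywords are
# case-insensitive and repeated AllowUsers lines accumulate.
allow_patterns() {
    printf '%s\n' "$1" |
        awk 'tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) print $i }'
}

# Return 0 if account $2 connecting from address $3 passes AllowUsers in
# config text $1. Simplified model (assumption): USER and USER@HOST patterns
# with * and ? only; no CIDR, negation, DenyUsers or AllowGroups.
ssh_login_allowed() {
    patterns=$(allow_patterns "$1")
    # Without any AllowUsers line the directive imposes no restriction.
    [ -z "$patterns" ] && return 0
    while IFS= read -r pat; do
        case $pat in
            *@*) upat=${pat%%@*} hpat=${pat#*@} ;;  # split at the first '@'
            *)   upat=$pat hpat='*' ;;              # bare USER: any source
        esac
        case $2 in $upat) ;; *) continue ;; esac
        case $3 in $hpat) return 0 ;; esac
    done <<EOF
$patterns
EOF
    return 1    # AllowUsers present and nothing matched: default deny
}

# Print the decision for each account/source pair from the thread, plus root.
policy_matrix() {
    for u in alice bob root; do
        for a in 192.168.1.100 172.16.1.100; do
            if ssh_login_allowed "$1" "$u" "$a"; then r=allow; else r=deny; fi
            printf '%-6s %-15s %s\n' "$u" "$a" "$r"
        done
    done
}

policy_matrix "$SAMPLE_CONFIG"
```

Before reloading sshd with such a change, `sshd -t` checks the real file for syntax errors, and keeping an existing session open guards against locking out the administrative account.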
# 5  
Old 05-11-2016
For telnet you can try TCP wrappers.
You first need to install them (maybe even to first compile them).

Then enable them for telnetd in /etc/inetd.conf

Then put the following in /etc/hosts.allow
Code:
telnetd : alice@192.168.1.100

and the following in /etc/hosts.deny
Code:
telnetd : ALL

This User Gave Thanks to MadeInGermany For This Post:
# 6  
Old 05-11-2016
I used to do this sort of thing on an AIX 4.2... So a long time ago... Using MadeInGermany's solution, not sure now that I used that format in hosts.allow... It may have been only the IP, I remember also using MAC addresses to filter...
The trick after (as say using IP or MAC) was in .profile to check if that user was the one expected (IP or MAC) and making root own the .profile etc... It was easy here as these users entered into a menu to access the application and never had the chance to get to a terminal prompt...
You could try to add a condition as you expect different users using the same IP...

Those were the days without ssh...

So currently I would favor zaxxon's solution.

my 2 cents
All the best
# 7  
Old 05-25-2016
Hi MadeInGermany, zaxxon, thanks for your help!

That is exactly what I need.