How can I use PAM to restrict telnet login by user?


Solution 1

You can use pam_succeed_if in your /etc/pam.d/telnet or similar file:

auth required pam_succeed_if.so user = ${telnet_user} quiet

Where ${telnet_user} is the user allowed to use telnet.

But, if you weren't aware, telnet is a Bad Thing. The allowed account's details can easily be sniffed and may enable other people to use the account. Really, do use SSH if at all possible.

Edit: Whoops, fudged the logic. Thanks joeforker.

Solution 2

You could use pam_localuser:

http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-pam_localuser.html

or, for a more flexible approach, pam_listfile:

http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-pam_listfile.html

Both basically look for allowed/forbidden usernames in a local file and check logins against that.
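Both answers combined into a runnable sketch. This is an added example, not code from either answer or from Linux-PAM: it writes a simplified /etc/pam.d/remote-style auth stack (modelled on the RHEL5 layout joeforker mentions later; the surrounding pam_securetty and "include system-auth" lines are assumptions about that layout) into a directory you choose, once with pam_succeed_if and once with pam_listfile, and then checks two things worth verifying before relying on it: that the restricting line sits before the include of system-auth, and that the pam_listfile allow list is not group- or world-writable. It uses "requisite" rather than the answer's "required" so a disallowed user is refused before the password modules run.

```shell
#!/bin/sh
# Added example, not part of the original answers. Paths are parameters so
# the functions can be exercised against a scratch directory; the real
# target on RHEL5 is /etc/pam.d/remote (telnet), per the comment below.

# Variant 1: pam_succeed_if, allow only members of the "telnet" group.
# "requisite" returns failure to the application immediately, so a
# non-member never reaches the password prompt.
write_succeed_if_stack() {
    # $1 = pam.d directory, $2 = service name
    cat > "$1/$2" <<'EOF'
#%PAM-1.0
auth       required     pam_securetty.so
auth       requisite    pam_succeed_if.so quiet user ingroup telnet
auth       include      system-auth
account    include      system-auth
password   include      system-auth
session    include      system-auth
EOF
}

# Variant 2: pam_listfile, allow only user names listed one per line in a file.
# onerr=fail closes the service if the list is missing or unreadable,
# instead of silently letting everyone in.
write_listfile_stack() {
    # $1 = pam.d directory, $2 = service name, $3 = path to the allow list
    cat > "$1/$2" <<EOF
#%PAM-1.0
auth       required     pam_securetty.so
auth       requisite    pam_listfile.so item=user sense=allow file=$3 onerr=fail
auth       include      system-auth
account    include      system-auth
password   include      system-auth
session    include      system-auth
EOF
}

# Check 1: the restricting module must precede "auth include system-auth";
# otherwise the password modules run before the user is filtered.
# Returns 0 when the order is right, 1 otherwise.
check_stack_order() {
    # $1 = path to the pam.d file
    restrict_line=$(grep -n -E 'pam_(succeed_if|listfile)\.so' "$1" | head -n 1 | cut -d: -f1)
    include_line=$(grep -n -E '^auth[[:space:]]+include' "$1" | head -n 1 | cut -d: -f1)
    [ -n "$restrict_line" ] && [ -n "$include_line" ] \
        && [ "$restrict_line" -lt "$include_line" ]
}

# Check 2: an allow list that group or world can write lets anyone add
# their own name. Returns 0 if the file exists and is writable only by
# its owner, 1 otherwise. (-perm -020 / -002 are POSIX find tests.)
check_allow_list_perms() {
    # $1 = path to the allow list
    [ -f "$1" ] || return 1
    [ -z "$(find "$1" -perm -020)" ] && [ -z "$(find "$1" -perm -002)" ]
}
```

Run the two write functions against a scratch directory first, compare the output with the distribution's own /etc/pam.d/remote, and only then copy the auth line into the real file; the two check functions are meant to be re-run after any later edit to the stack or to the allow list.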

Author: joeforker

Updated on September 17, 2022

Comments

  • joeforker
    joeforker over 1 year

    Regrettably I need to enable telnet for a single user on a Linux machine. Everyone else will have to use ssh.

    How do I configure PAM to restrict which users may login via the telnet server?

  • AWesley
    AWesley almost 15 years
    +1 for "telnet is a Bad Thing"
  • Teddy
    Teddy almost 15 years
    Unless, of course, you're using IPsec. Then SSH becomes an unnecessary CPU drain.
  • Dan Carley
    Dan Carley almost 15 years
    Arguably, if you're putting enough data over an interactive shell for it to make the difference, then there's probably a better way to achieve what you're doing.
  • joeforker
    joeforker almost 15 years
    I'm using RHEL5, I added a telnet group and 'auth required pam_succeed_if.so quiet user ingroup telnet' as the second non-comment line in /etc/pam.d/remote. It works!