General discussion

Locked

Question about Telnet:

By choth ·
Dear Sir or Madam:

I have the following question to ask you:
I would like to restrict my students from telneting and change to another students' directories. I would not prefer to change their shell to /bin/true. If I do such a thing they cannottelnet, so I would prefer that they could telnet but they could not use the "cd /" command to go to the high-ranking directories or go to their friends' directories. Thank you so much for your assistance.

This conversation is currently closed to new comments.

11 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Question about Telnet:

by ryan In reply to Question about Telnet:

First, let's talk about this telnet business. You should turn off telnet and install Secure Shell, better known as SSH. www.ssh.com

After that, here's a link to do what you want with SSH, from ssh.com.
http://www.ssh.com/products/ssh/administrator30/Using_Chroot_Manager__ssh-chrootmgr_.html

If you really have to stick with telnet, google found a thread that seems to pretty much cover it in depth:

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x59c9c8ecad09d6118ff40090279cd0f9,00.html

-goat

Collapse -

Question about Telnet:

by choth In reply to Question about Telnet:

Dear Sir or Madam:

Thank you so much for your answer, and I do hope that next time I will rate your answer as Acceptable.

Sincerely,

Choth

Collapse -

Question about Telnet:

by Jayanth In reply to Question about Telnet:

Hi,
If Telnet is being used by your students only on your LAN then its fine. If not consider using SSH which uses encrypted sessions and has the same functionalities of Telnet.

Regarding, not allowing your students to CD into other people's directories you could change the 'x' permission on the directories so as not to allow them to change to those directories.

Collapse -

Question about Telnet:

by choth In reply to Question about Telnet:

Dear Sir or Madam:

Thank you so much for your answer, and I do hope that next time I will rate your answer as Acceptable.

Sincerely,

Choth

Collapse -

Question about Telnet:

by aaube In reply to Question about Telnet:

I have heard (but have not tested) that appending "/." (w/o quotes) to the user's home directory setting in /etc/passwd would prevent them from cd'ing out of their home directory.

Again, heard it works, but never tried it.

Also, I concur with the other respondents: dump Telnet, install SSH. From the user perspective, both work almost exactly the same, but SSH is much, much more secure.

Collapse -

Question about Telnet:

by choth In reply to Question about Telnet:

Dear Sir or Madam:

Thank you so much for your answer, and I do hope that next time I will rate your answer as Acceptable. I have already done this step but no way.

Sincerely,

Choth

Collapse -

Question about Telnet:

by servermonkey In reply to Question about Telnet:

You can create a jail for each user where you put only the necessary binary files in each users directory. When they login, either telnet or ssh, and they do a cd /, the jail makes it seem as if they cd'd to / when they only are at /home/username/. There is a little bit of configuration to get it working, but after you have the first one setup, the others move quickly. I have it implemented for ftp users, but I dont see why you cant use it for telnet/ssh. See http://www.linuxdoc.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/ftpd.html and also (for ftp) In /etc/ftpaccess, add the line:
restricted-uid username and issue /etc/rc.d/init.d/inet restart

Collapse -

Question about Telnet:

by choth In reply to Question about Telnet:

Poster rated this answer

Collapse -

Question about Telnet:

by SpiderErrol In reply to Question about Telnet:

I recommend setting their shell to a restricted shell such as "/bin/rbash".

This will disable the use of the cd command (among others).

If you have bash on the system, you can usually get "rbash" by sym linking /bin/rbash to point to /bin/bash. Other shells such as csh and sh are similar.

If you are on a RedHat Linux system (and probably many others) "man bash" and looking at the "RESTRICTED SHELL" section will provide you with much relevent infomation.

Don't forget to add /bin/rbash in your /etc/shells file or they won't be allowed to login!

Collapse -

Question about Telnet:

by choth In reply to Question about Telnet:

Poster rated this answer

Back to Linux Forum
11 total posts (Page 1 of 2)   01 | 02   Next

Operating Systems Forums