Preventing users from logging into a unix box

From: Eric J. Korpela <korpela_at_ellie.ssl.berkeley.edu>
Date: Thu Apr 19 16:15:37 2001

> > > I have a Solaris 2.6 Ultra-10 at work and I want to prevent users from logging into my machine. I don't want
> > > to run in single-user mode. Is there a way to disable rlogin or telnet over to my machine?
> >
> > Edit /etc/inetd.conf and comment out the shell, login, exec, telnet and ftp
> > lines. As a matter of fact, comment everything else out as well.
> >
> > Eric
>
> Comment everything out and the question becomes, is the box still usable?

I've got everything on this box commented out. We start sshd from a script
in rc2.d/. All commenting out things does is stop inetd from starting any
server daemons when a port is opened.

> Also it may be desirable to leave either telnet or ssh running, but move
> them to a non-standard port. That way he can access his own system
> remotely.

True. I guess I just assume everyone runs ssh now. :) I'd recommend against
telnet or rlogin regardless of what port you use. Just too dangerous to
have plain text passwords traveling over Ethernet, even if it never
gets outside of the company firewall. You never can tell if that Windows box
next door has a packet sniffer.

Eric
Received on Thu Apr 19 2001 - 16:15:37 BST
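
Added example (not part of the original post): a small audit of inetd.conf for the cleartext services the thread names (shell, login, exec, telnet, ftp), plus a filter that comments them out. The function names and the sample file are constructed for illustration; both functions read the configuration on stdin.

```shell
#!/bin/sh
# Services the thread says to comment out of /etc/inetd.conf.
RISKY_SERVICES="shell login exec telnet ftp"

# awk setup shared by both functions: build a lookup table of risky names.
AWK_INIT='BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) risky[a[i]] = 1 }'

# Print each risky service that still has an active (uncommented) entry.
enabled_risky_services() {
    awk -v list="$RISKY_SERVICES" "$AWK_INIT"'
        /^[ \t]*#/ { next }     # already commented out
        NF < 6     { next }     # blank or not a full inetd.conf entry
        ($1 in risky) && !seen[$1]++ { print $1 }
    '
}

# Emit a copy of the config with active risky entries commented out.
# Other entries are passed through untouched.
comment_out_risky() {
    awk -v list="$RISKY_SERVICES" "$AWK_INIT"'
        !/^[ \t]*#/ && NF >= 6 && ($1 in risky) { print "#" $0; next }
        { print }
    '
}

# Constructed sample in Solaris inetd.conf layout (not taken from a real host).
sample_inetd_conf() {
    cat <<'EOF'
# constructed sample
ftp     stream  tcp     nowait  root    /usr/sbin/in.ftpd       in.ftpd
telnet  stream  tcp     nowait  root    /usr/sbin/in.telnetd    in.telnetd
#shell  stream  tcp     nowait  root    /usr/sbin/in.rshd       in.rshd
login   stream  tcp     nowait  root    /usr/sbin/in.rlogind    in.rlogind
exec    stream  tcp     nowait  root    /usr/sbin/in.rexecd     in.rexecd
time    stream  tcp     nowait  root    internal
EOF
}

# Demo: risky services enabled before and after the filter.
echo "before: $(sample_inetd_conf | enabled_risky_services | tr '\n' ' ')"
echo "after:  $(sample_inetd_conf | comment_out_risky | enabled_risky_services | tr '\n' ' ')"
```

On a real host the audit would be run as `enabled_risky_services < /etc/inetd.conf`. inetd rereads its configuration on SIGHUP, so an edited file takes effect only after the daemon is signalled or restarted; an sshd started from rc2.d/ is not affected by these entries.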

This archive was generated by hypermail 2.3.0 : Fri Oct 10 2014 - 23:33:27 BST