How to allow or deny telnet login to specific users only in CentOS/RHEL?

Telnet login can be allowed or denied for specific users through the file /etc/pam.d/remote. Other network services use /etc/pam.d/sshd or /etc/pam.d/password-auth to allow or deny access, whereas telnet uses /etc/pam.d/remote.

 

Denying telnet login to specific users

 

1. Add the users you want to deny telnet login to the file /etc/user.deny, one user name per line.

# vi /etc/user.deny
user01
user02
user03

 

2. Add the following line to the /etc/pam.d/remote file to deny telnet login to the users listed in the /etc/user.deny file in step 1.

# vi /etc/pam.d/remote
auth   required  pam_listfile.so  item=user  sense=deny  file=/etc/user.deny  onerr=succeed

 

Allowing telnet login to specific users

 

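1. To allow only specific users, add the line below to the file /etc/pam.d/remote. With sense=allow, the file named in file= (here still /etc/user.deny) lists the users who are allowed to log in.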

# vi /etc/pam.d/remote
auth   required  pam_listfile.so  item=user  sense=allow  file=/etc/user.deny  onerr=succeed

 

2. To allow telnet access to specific groups, add the line below to the file /etc/pam.d/remote. With item=group, the file lists group names instead of user names.

# vi /etc/pam.d/remote
auth   required  pam_listfile.so  item=group  sense=allow  file=/etc/user.deny  onerr=succeed

 

Denying telnet login to specific groups

 

We can also deny specific groups. Similar to the settings above, add the line below to the file /etc/pam.d/remote.

# vi /etc/pam.d/remote
auth   required  pam_listfile.so  item=group  sense=deny  file=/etc/user.deny  onerr=succeed
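To check what the rules above will do for a given account before testing a real login, the following added example (not part of the original article) models how pam_listfile combines sense=, file= and onerr= for item=user rules. The function names opt and listfile_verdict are hypothetical, and the model assumes each matching line is "required" and ignores item=group rules and other modules in the stack.

```shell
#!/bin/sh
# Added example: simplified model of pam_listfile "item=user" auth rules.
# Assumption: every matching line is treated as "required"; other modules
# in the stack and item=group rules are ignored.

# opt KEY DEFAULT ARGS... -> value of KEY=value among ARGS, else DEFAULT
opt() {
    key=$1; val=$2; shift 2
    for a in "$@"; do
        case $a in "$key"=*) val=${a#*=} ;; esac
    done
    printf '%s\n' "$val"
}

# listfile_verdict PAM_FILE USER -> prints "allow" or "deny"
listfile_verdict() {
    pam_file=$1; user=$2; verdict=allow
    while read -r type _control module args || [ -n "$type" ]; do
        [ "$type" = auth ] || continue
        case $module in *pam_listfile.so) ;; *) continue ;; esac
        set -- $args                      # split module options into words
        [ "$(opt item "" "$@")" = user ] || continue
        sense=$(opt sense "" "$@")
        list=$(opt file "" "$@")
        onerr=$(opt onerr fail "$@")      # module default is onerr=fail
        if [ ! -r "$list" ]; then
            # List file missing or unreadable: onerr alone decides.
            [ "$onerr" = succeed ] || verdict=deny
        elif grep -qxF -- "$user" "$list"; then
            # User is listed: passes only when sense=allow.
            [ "$sense" = allow ] || verdict=deny
        else
            # User is not listed: passes only when sense=deny.
            [ "$sense" = deny ] || verdict=deny
        fi
    done < "$pam_file"
    printf '%s\n' "$verdict"
}

# Usage: sh script.sh /etc/pam.d/remote user01
if [ "$#" -eq 2 ]; then listfile_verdict "$1" "$2"; fi
```

Note the missing-file branch: with sense=allow and onerr=succeed, a list file that is absent lets every user pass this check, so confirm the file exists whenever an allow list is in use.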

 

Troubleshooting telnet logins

 

Before troubleshooting telnet access from the remote server, first, try to check if telnet login works locally on the server.

# telnet localhost

 

You can also check whether iptables rules are in place for the telnet port.

# iptables -L -t filter

 

You can allow access to the telnet service through iptables using the command below.

# iptables -A INPUT -p tcp --dport 23 -j ACCEPT

 
