I have a Solaris 2.6 Ultra-10 at work and I want to
prevent users from logging into my machine. I dont want
to run in single-user mode. Is there a way to disable rlogin or telnet over to my
machine?
Edit /etc/inetd.conf and comment out the shell, login, exec, telnet and ftp
lines. As a matter of fact, comment everything else out as well.
Eric
Comment everything out and the question becomes, is the box still usable?
I've got everything on this box commented out. We start sshd from a script
in rc2.d/. All commenting out things does is stop inetd from starting any
server daemons when a port is opened.
Also it may be desirable to leave either telnet or ssh
running, but move
them to a non-standard port. That way he can access his own system
remotely.
True. I guess I just assume everyone runs ssh now. :) I'd recommend against
telent or rlogin regardless of what port you use. Just too dangerous to
have plain text passwords traveling over ethernet, even if it never
gets outside of the company firewall. You never can tell if that windows box
next door has a packet sniffer.
Eric