Can I restrict IP and AIX account at the same time?

Hi Everyone,

I want to know: is it possible to restrict user login to AIX by IP and user name?

e.g.

user alice can log in to AIX (via ssh or telnet) from 192.168.1.100
user alice cannot log in to AIX (via ssh or telnet) from 172.16.1.100

user bob cannot log in to AIX (via ssh or telnet) from 192.168.1.100
user bob can log in to AIX (via ssh or telnet) from 172.16.1.100

--
Thanks for reading.

https://www.ibm.com/developerworks/aix/library/au-aixfiltering/

HTH

Hi dukessd,

Thanks for your reply.

But when I use AIX filtering (ipsec), I can only restrict IP addresses.

How do I restrict a specific user's login?
For example:
user alice can log in to AIX (via ssh or telnet) from 192.168.1.100
user bob cannot log in to AIX (via ssh or telnet) from 192.168.1.100

I do not want to block all users from logging in to AIX from 192.168.1.100.

For ssh you can try something like

...
AllowUsers alice@192.168.1.100
...

in your /etc/ssh/sshd_config.

2 Likes
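
Added example, not part of the thread and not OpenSSH code: a simplified shell model of how an AllowUsers line with USER@HOST patterns decides the four cases from the question. It assumes a second entry for bob and a hypothetical unlisted account (carol), and it only handles the `*` and `?` wildcards; the point to notice is that once AllowUsers is set, every account that matches no pattern is refused.

```shell
#!/bin/sh
# Simplified model of sshd's AllowUsers check (illustration only, not OpenSSH code).
# Constructed policy: the users and addresses from the question.
ALLOW_USERS='alice@192.168.1.100 bob@172.16.1.100'

# Print the directive as it would appear in /etc/ssh/sshd_config.
allow_users_line() {
    printf 'AllowUsers %s\n' "$ALLOW_USERS"
}

# login_allowed USER ADDR -> exit status 0 if any pattern matches, 1 otherwise.
# Once AllowUsers is set, a user matching no pattern is refused.
# Runs in a subshell so "set -f" (no filename globbing) does not leak out.
login_allowed() (
    set -f
    user=$1
    addr=$2
    for pat in $ALLOW_USERS; do
        case $pat in
            *@*) upat=${pat%@*}; hpat=${pat##*@} ;;  # USER@HOST: both must match
            *)   upat=$pat; hpat='*' ;;              # bare USER: any source address
        esac
        case $user in
            $upat) ;;
            *) continue ;;
        esac
        case $addr in
            $hpat) exit 0 ;;
        esac
    done
    exit 1
)

# Demo: the four cases from the question plus an unlisted account (carol, constructed).
allow_users_line
for pair in alice:192.168.1.100 alice:172.16.1.100 \
            bob:192.168.1.100 bob:172.16.1.100 carol:192.168.1.100; do
    u=${pair%%:*}
    a=${pair#*:}
    if login_allowed "$u" "$a"; then r=allow; else r=deny; fi
    printf '%-6s from %-14s -> %s\n' "$u" "$a" "$r"
done
```

The same implicit deny applies to root and service accounts, so keep an existing session open while testing a new AllowUsers line.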

For telnet you can try TCP wrappers.
You first need to install them (maybe even compile them first).

Then enable them for telnetd in /etc/inetd.conf

Then put the following in /etc/hosts.allow

telnetd : alice@192.168.1.100

and the following in /etc/hosts.deny

telnetd : ALL
1 Like

I used to do this sort of thing on an AIX 4.2... so a long time ago... Using MadeInGermany's solution, not sure now that I used that format in hosts.allow. It may have been only the IP; I remember also using MAC addresses to filter...
The trick after (say, using IP or MAC) was to check in .profile whether that user was the one expected (IP or MAC), and making root own the .profile, etc. It was easy here, as these users entered a menu to access the application and never had the chance to get to a terminal prompt...
You could try to add a condition, as you expect different users using the same IP...

Those were the days without ssh...

So currently I would favor zaxxon's solution

my 2 cents
All the best

Hi MadeInGermany, zaxxon, thanks for your help!

That is exactly what I need.