The login to specific users can be allowed or denied using the file /etc/pam.d/remote. Other network services uses the files /etc/pam.d/sshd or /etc/pam.d/password-auth for allowing or denying the access. Whereas telnet uses the file /etc/pam.d/remote.
Denying telnet login to specific users
1. Add the users you want to deny the telnet login to, in the file /etc/user.deny.
# vi /etc/user.deny user01 user02 user03
2. Add the following line to the /etc/pam.d/remote file to deny telnet login to users mentioned in /etc/user.deny file in stpe 1.
# vi /etc/pam.d/remote auth required pam_listfile.so item=user sense=deny file=/etc/user.deny onerr=succeed
Allowing telnet login to specific users
1. To allow specific users, add the below line to the file /etc/pam.d/remote.
# vi /etc/pam.d/remote auth required pam_listfile.so item=user sense=allow file=/etc/user.deny onerr=succeed
2. To allow telnet access to specific groups, add the below line to the file /etc/pam.d/remote.
# vi /etc/pam.d/remote auth required pam_listfile.so item=group sense=allow file=/etc/user.deny onerr=succeed
Denying telnet login to specific groups
We can also deny specific groups. Similar to above settings add the below line to the file /etc/pam.d/remote.
# vi /etc/pam.d/remote auth required pam_listfile.so item=group sense=deny file=/etc/user.deny onerr=succeed
Troubleshooting telnet logins
Before troubleshooting telnet access from remote server, first try to check if telnet login works locally on the server.
# telnet localhost
You can also check if the iptables are turned on for the telnet port.
# iptables -L -t filter
You can allow access to telnet service through iptables, using below command.
# iptables -A INPUT -p tcp --dport 23 -j ACCEPT