Restricting Remote Logins to Specific users
To restrict remote logins to specific users, do the following:
Putting the following code in /etc/profile and /etc/csh.login will keep users not listed in the file /etc/remusers from being able to login from remote location or telnet session. Exclude line numbers in the code and be sure carriage returns are not included in the script files when you add the below code to them or the scripts will not run correctly, giving strange errors. Carriage returns are many times accidently embedded when code is copied from Windows or DOS based machines to Linux based machines.
Line 1 traps SIGINT and SIGQUIT, so users cannot abort the script. Line 2 is a safety, in case you change the /etc/profile before you create the /etc/remusers file. Line 4 only runs the script if the terminal is not local. The "linux" terminal type is used locally. You may need to change this to:
if [ $TERM == "vt100" ]
if you are using serial terminals also. As an alternate, add another if statement that excludes the serial terminal type inside the first if statement to exclude both serial terminals and local terminals. You can determine what terminal type is being used by looking at the value of the TERM variable with the env command after logging in from the terminal in question. Also there are various types of terminals that telnet clients may emulate, so, you will want to be sure not to allow any terminals that a telnet client can emulate.
Line 6 determines if the user who just logged in, $LOGNAME, is listed in the /etc/remusers file. Line 16 reads a line from the user, requiring them to press an end of line key such as RETURN. Line 17 causes the shell to exit.