Restrict User to SSH Clients (both 3rd party and GSW, FIPS 140-2 compliant and non FIPS 140-2)
The variables GSW_FIPSOnly, EnableRFC854Clients, AllowTelnetWithSSH and LsnOnLoopBackOnly are registry key values. Used in conjunction, with specific values, these registry keys enable or disable the ability to restrict connections to SSH clients only. The keys are:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GS_Tnet\Parameters\AllowTelnetWithSSH
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GS_Tnet\Parameters\EnableRFC854Clients
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GS_Tnet\Parameters\GSW_FIPSOnly
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GS_Tnet\Parameters\LsnOnLoopBackOnly
Set each registry key value to the following:
- AllowTelnetWithSSH=0
- EnableRFC854Clients=1
- GSW_FIPSOnly=0
- LsnOnLoopBackOnly=1
Only allow connections from GSW SSH clients (both FIPS 140-2 compliant and non-FIPS 140-2)
The variables GSW_FIPSOnly, EnableRFC854Clients and AllowTelnetWithSSH are registry key values. Used in conjunction, with specific values, these registry keys enable or disable the ability to restrict connections to GSW SSH clients only. The keys are:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GS_Tnet\Parameters\AllowTelnetWithSSH
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GS_Tnet\Parameters\EnableRFC854Clients
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GS_Tnet\Parameters\GSW_FIPSOnly
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GS_Tnet\Parameters\LsnOnLoopBackOnly
Set each registry key value to the following:
- AllowTelnetWithSSH=0
- EnableRFC854Clients=0
- GSW_FIPSOnly=0
- LsnOnLoopBackOnly=1
Note: After you change the registry values, the new configuration takes effect for all new connections.
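The following PowerShell script is an added example, not vendor-supplied code: it compares the four values against either configuration above and, with `-Apply`, corrects any that differ. It assumes the values are stored as REG_DWORD and uses the value names as they appear in the key paths listed on this page; the mode names `AnySSH` and `GswSSHOnly` are labels invented for this example.

```powershell
# Added example: audit (and optionally apply) the SSH-only settings described above.
# Assumptions: values are REG_DWORD; run from an elevated session when using -Apply.
param(
    [ValidateSet('AnySSH', 'GswSSHOnly')]   # hypothetical labels for the two configurations
    [string]$Mode = 'AnySSH',
    [switch]$Apply
)

$path = 'HKLM:\SYSTEM\CurrentControlSet\Services\GS_Tnet\Parameters'

# Expected values, copied from the two lists on this page.
$expected = @{
    AnySSH     = [ordered]@{ AllowTelnetWithSSH = 0; EnableRFC854Clients = 1; GSW_FIPSOnly = 0; LsnOnLoopBackOnly = 1 }
    GswSSHOnly = [ordered]@{ AllowTelnetWithSSH = 0; EnableRFC854Clients = 0; GSW_FIPSOnly = 0; LsnOnLoopBackOnly = 1 }
}

if (-not (Test-Path -Path $path)) {
    throw "Registry key not found: $path"
}

# Read the key once, then compare each value; a missing value is reported as a mismatch.
$current = Get-ItemProperty -Path $path
$report = foreach ($name in $expected[$Mode].Keys) {
    $want = $expected[$Mode][$name]
    $prop = $current.PSObject.Properties[$name]
    $have = if ($prop) { $prop.Value } else { $null }
    [pscustomobject]@{
        Name     = $name
        Expected = $want
        Actual   = $have
        Match    = ($null -ne $have -and $have -eq $want)
    }
}

if ($Apply) {
    # Write only the values that differ; -Force overwrites an existing value.
    foreach ($row in ($report | Where-Object { -not $_.Match })) {
        New-ItemProperty -Path $path -Name $row.Name -Value $row.Expected `
            -PropertyType DWord -Force | Out-Null
    }
}

# The table shows the state found before any change was written.
$report | Format-Table -AutoSize
```

Run it without `-Apply` first to see which values have drifted from the chosen configuration.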