01-25-2007
Deny root rlogin
Hi,
I have to forbid root-logins on all my servers, expect from two machines, these 2 machines login with root without a password
it was quite easy with ssh, but I have a problem regarding rsh/rlogin, an there
are a lot of rsh jobs, so it would take a lot of time to change all this scripts to ssh
it sould work like the sshd_config entry: "PermitRootLogin without-password" just for rsh
telnet is deactivated
I cannot install an ip-wrapper (well I can but I shouldn't
![Smilie Smilie](https://www.unix.com/images/smilies/smile.gif)
) , so I have to realise this just with base AIX tools, I searched for a day, but couldn't find a solution for my problem
I hope you guys can help
(AIX5.3 ML 03 and AIX5.3 TL 05 fp4)
thanks in advance
funksen
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
using redhat 7.2
Is it possible to not allow root to ssh into the server remotely, but allow the account that ssh'd in to the box to su to root? This way there is the added security of a hacker needing two passwords to hack your computer, a username/password for a regular account and also the... (3 Replies)
Discussion started by: theDirtiest
3 Replies
2. UNIX for Dummies Questions & Answers
I want to be able to rlogin from one SunOS box to another SunOS box as root. Additionally, I do not want to type in my password everytime. I get the ole' "Not on system console" message when I try it. I remember running into this a couple of years ago, and was able to overcome it. However, I can't... (3 Replies)
Discussion started by: cdunavent
3 Replies
3. UNIX for Dummies Questions & Answers
Hi all
I'm using an AIX 5 machine.
I'm trying to telnet from this machine to another Aix machine.
When I use the "root" user - Everything works.
I can telnet successfully the other machine
When I use another user but root - I can't telnet the machine:
noah@logist:/home/noah>telnet aixtst... (2 Replies)
Discussion started by: sunbird
2 Replies
4. Solaris
Hi folks,
Lately, i was asked to install some software on a sunos 5.9. The problem is that i cannot setup the r services for the installation to work properly : rlogin/rsh root without password.
It keeps on bumping me login incorrect when i try to rlogin/rsh it with root ...
I wonder why... (3 Replies)
Discussion started by: andryk
3 Replies
5. UNIX for Dummies Questions & Answers
All,
I want to run a non-root script as the root user with non-root environment variables with crontab. The non-root user would have environment variables for database access such as Oracle or Sybase. The root user does not have the Oracle or Sybase enviroment variables. I thought you could do... (2 Replies)
Discussion started by: bubba112557
2 Replies
6. AIX
Hello everyone
I have to limit the root logins on my aix box (aix 5.3)
I change the value on the /etc/security/user
default (login and rlogin) change to false
and add to root (rlogin and login = false)
I tried in different ways but I got the same.
Root still can login
I try algo... (6 Replies)
Discussion started by: lo-lp-kl
6 Replies
7. Solaris
I'm attempting to deny a user's ability to login as root through any remote means - ie telnet or ssh. I've read most of the threads that I can find on this site and I've looked at BigAdmin on Sun's site. I have done what has been suggested here and on BigAdmin which is to make sure that the line... (5 Replies)
Discussion started by: gonzotonka
5 Replies
8. Solaris
Hi All
After downloading ZFS documentation from oracle site, I am able to successfully migrate UFS root FS without zones to ZFS root FS. But in case of UFS root file system with zones , I am successfully able to migrate global zone to zfs root file system but zone are still in UFS root file... (2 Replies)
Discussion started by: sb200
2 Replies
9. AIX
Is there a way to deny access to a specific remote login option.
example:
usera--deny telnet access but keep rsh and rlogin
userb--keeps telnet, rsh, and rlogin
I'm basically trying to contol the access per services instead of changing the LOGIN REMOTELY(rsh,tn,rlogin) option to yes or no. (12 Replies)
Discussion started by: leemalloy
12 Replies
10. UNIX for Dummies Questions & Answers
Hi there,
For /etc/hosts.deny was it used to deny access from the internet? (2 Replies)
Discussion started by: alvinoo
2 Replies
.K5LOGIN(5) File Formats Manual .K5LOGIN(5)
NAME
.k5login - Kerberos V5 acl file for host access.
DESCRIPTION
The .k5login file, which resides in a user's home directory, contains a list of the Kerberos principals. Anyone with valid tickets for a
principal in the file is allowed host access with the UID of the user in whose home directory the file resides. One common use is to place
a .k5login file in root's home directory, thereby granting system administrators remote root access to the host via Kerberos.
EXAMPLES
Suppose the user "alice" had a .k5login file in her home directory containing the following line:
bob@FUBAR.ORG
This would allow "bob" to use any of the Kerberos network applications, such as telnet(1), rlogin(1), rsh(1), and rcp(1), to access alice's
account, using bob's Kerberos tickets.
Let us further suppose that "alice" is a system administrator. Alice and the other system administrators would have their principals in
root's .k5login file on each host:
alice@BLEEP.COM
joeadmin/root@BLEEP.COM
This would allow either system administrator to log in to these hosts using their Kerberos tickets instead of having to type the root pass-
word. Note that because "bob" retains the Kerberos tickets for his own principal, "bob@FUBAR.ORG", he would not have any of the privileges
that require alice's tickets, such as root access to any of the site's hosts, or the ability to change alice's password.
SEE ALSO
telnet(1), rlogin(1), rsh(1), rcp(1), ksu(1), telnetd(8), klogind(8)
.K5LOGIN(5)