Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Problems with disabling remote root login
Operating Systems AIX Problems with disabling remote root login Post 302146152 by veccinho on Monday 19th of November 2007 04:37:59 AM
Old 11-19-2007
Problems with disabling remote root login
Hello!

I'm going through security checklist for AIX 5.3 and i just can't disable remote login for root through ssh.
What i did:
- in /etc/security/user i added a line:
rlogin = false
which works fine when i try to login through telnet
- after installation of openSSH i edited sshd_config - uncommented line: PermitRootLogin yes
- restarted sshd: stopsrc -s sshd, startsrc -s sshd
- then in smit in login controls for root i deleted ALL and added /dev/console (for this i'm not sure if it's correct)

And still I'm able to login remotely as root.

What did i miss?
 

10 More Discussions You Might Find Interesting

1. SCO

Disabling root login

Hy, Coud someone tell me how to disable root login via terminal (only from console should be allowed). There is no ssh installed, only telnet. I created a user which will have permission to su to root, but now i don't know where and what to modify to disable root login? SCO OpenServer 5 ... (1 Reply)
Discussion started by: veccinho
1 Replies

2. Solaris

Remote ssh login as root

I edited my /etc/default/login file and commented the line: # If CONSOLE is set, root can only login on that device. # Comment this line out to allow remote login by root. # #CONSOLE=/dev/console I still cant login thru telnet or ssh. What else do i have to do to be able to login... (14 Replies)
Discussion started by: BG_JrAdmin
14 Replies

3. AIX

disabling telnet login for root only

Hi, I want to disable telnet login for root only so that other users can telnet? Regards, Manoj (8 Replies)
Discussion started by: manoj.solaris
8 Replies

4. SCO

how to disabling root user

dear all, pls give the sollution to disable root login from telnet directly.but it should allow while we type su command (2 Replies)
Discussion started by: prakrithi
2 Replies

5. Solaris

Deny root remote login help

I'm attempting to deny a user's ability to login as root through any remote means - ie telnet or ssh. I've read most of the threads that I can find on this site and I've looked at BigAdmin on Sun's site. I have done what has been suggested here and on BigAdmin which is to make sure that the line... (5 Replies)
Discussion started by: gonzotonka
5 Replies

6. UNIX for Dummies Questions & Answers

etc/ftpd/ftpusers & philosophy of disabling root

we don't have root in our /etc/ftpd/ftpusers and we are getting some pushback from the external auditors about this - specifically as a security risk if a "sniffer" were to catch roots password at the ftp. What do most shops do - disable ftp for root? What do you do to get things to the... (3 Replies)
Discussion started by: LisaS
3 Replies

7. UNIX for Dummies Questions & Answers

Non root login problems in AIX

Hi All, I have setup a non root user on AIX 5.3, using smit. When I try logging on as that user my login screen just disappears. I am using PUTTY. I login to the same box as root no problems. I have tried re-creating several different usernames but get the same effect I have also telneted from a... (2 Replies)
Discussion started by: hansul
2 Replies

8. Solaris

how to login with ssh to remote system with out applying the remote root/usr password

how to login with ssh to remote system with out applying the remote root/user password with rlogin we can ujse .rhosts file but with ssh howits possible plz guide (2 Replies)
Discussion started by: tv.praveenkumar
2 Replies

9. AIX

AIX Disable direct root login problems

I have disabled rlogin for root successfully , but after that i could not login to root from console and could not su to root from other users as it responded as expired account I did not have any admin user but I have managed to recover the situation by accessing rootvg before mounting it, but... (5 Replies)
Discussion started by: majd_ece
5 Replies

10. UNIX for Advanced & Expert Users

Disabling CBC Cipher mode causes login problems

Hi, As part of the security hardening activity in our team, we have to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption. To do this, in sshd_config I comment out these lines : Ciphers aes128-cbc,blowfish-cbc,3des-cbc MACS hmac-sha1,hmac-md5 and add... (9 Replies)
Discussion started by: anaigini45
9 Replies

LEARN ABOUT DEBIAN

kf

KF(1)							    BSD General Commands Manual 						     KF(1)

NAME

     kf -- securely forward tickets

SYNOPSIS

     kf [-p port | --port=port] [-l login | --login=login] [-c ccache | --ccache=ccache] [-F | --forwardable] [-G | --no-forwardable]
	[-h | --help] [--version] host ...

DESCRIPTION

     The kf program forwards tickets to a remote host through an authenticated and encrypted stream.  Options supported are:

     -p port, --port=port
	     port to connect to

     -l login, --login=login
	     remote login name

     -c ccache, --ccache=ccache
	     remote cred cache

     -F, --forwardable
	     forward forwardable credentials

     -G, --no-forwardable
	     do not forward forwardable credentials

     -h, --help

     --version

     kf is useful when you do not want to enter your password on a remote host but want to have your tickets one for example AFS.

     In order for kf to work you will need to acquire your initial ticket with forwardable flag, i.e.  kinit --forwardable.

     telnet is able to forward tickets by itself.

SEE ALSO

     kinit(1), telnet(1), kfd(8)

Heimdal 							   July 2, 2000 							   Heimdal
All times are GMT -4. The time now is 07:42 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy