11-19-2007
Problems with disabling remote root login
Hello!
I'm going through security checklist for AIX 5.3 and i just can't disable remote login for root through ssh.
What i did:
- in /etc/security/user i added a line:
rlogin = false
which works fine when i try to login through telnet
- after installation of openSSH i edited sshd_config - uncommented line: PermitRootLogin yes
- restarted sshd: stopsrc -s sshd, startsrc -s sshd
- then in smit in login controls for root i deleted ALL and added /dev/console (for this i'm not sure if it's correct)
And still I'm able to login remotely as root.
What did i miss?
10 More Discussions You Might Find Interesting
1. SCO
Hy,
Coud someone tell me how to disable root login via terminal (only from console should be allowed).
There is no ssh installed, only telnet.
I created a user which will have permission to su to root, but now i don't know where and what to modify to disable root login?
SCO OpenServer 5
... (1 Reply)
Discussion started by: veccinho
1 Replies
2. Solaris
I edited my /etc/default/login file and commented the line:
# If CONSOLE is set, root can only login on that device.
# Comment this line out to allow remote login by root.
#
#CONSOLE=/dev/console
I still cant login thru telnet or ssh.
What else do i have to do to be able to login... (14 Replies)
Discussion started by: BG_JrAdmin
14 Replies
3. AIX
Hi,
I want to disable telnet login for root only so that other users can telnet?
Regards,
Manoj (8 Replies)
Discussion started by: manoj.solaris
8 Replies
4. SCO
dear all,
pls give the sollution to disable root login from telnet directly.but it should allow while we type su command (2 Replies)
Discussion started by: prakrithi
2 Replies
5. Solaris
I'm attempting to deny a user's ability to login as root through any remote means - ie telnet or ssh. I've read most of the threads that I can find on this site and I've looked at BigAdmin on Sun's site. I have done what has been suggested here and on BigAdmin which is to make sure that the line... (5 Replies)
Discussion started by: gonzotonka
5 Replies
6. UNIX for Dummies Questions & Answers
we don't have root in our /etc/ftpd/ftpusers and we are getting some pushback from the external auditors about this - specifically as a security risk if a "sniffer" were to catch roots password at the ftp.
What do most shops do - disable ftp for root?
What do you do to get things to the... (3 Replies)
Discussion started by: LisaS
3 Replies
7. UNIX for Dummies Questions & Answers
Hi All,
I have setup a non root user on AIX 5.3, using smit. When I try logging on as that user my login screen just disappears. I am using PUTTY. I login to the same box as root no problems. I have tried re-creating several different usernames but get the same effect I have also telneted from a... (2 Replies)
Discussion started by: hansul
2 Replies
8. Solaris
how to login with ssh to remote system with out applying the remote root/user password
with rlogin we can ujse .rhosts file
but with ssh howits possible
plz guide (2 Replies)
Discussion started by: tv.praveenkumar
2 Replies
9. AIX
I have disabled rlogin for root successfully , but after that i could not login to root from console and could not su to root from other users as it responded as expired account
I did not have any admin user but I have managed to recover the situation by accessing rootvg before mounting it, but... (5 Replies)
Discussion started by: majd_ece
5 Replies
10. UNIX for Advanced & Expert Users
Hi,
As part of the security hardening activity in our team, we have to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.
To do this, in sshd_config I comment out these lines :
Ciphers aes128-cbc,blowfish-cbc,3des-cbc
MACS hmac-sha1,hmac-md5
and add... (9 Replies)
Discussion started by: anaigini45
9 Replies
LEARN ABOUT DEBIAN
xrlogin
XRLOGIN(1) General Commands Manual XRLOGIN(1)
NAME
xrlogin - start an xterm that uses ssh (or optionally rlogin or telnet) to connect to a remote host
SYNOPSIS
xrlogin [-l username] [-rlogin|-telnet] [xterm options] remote-host
DESCRIPTION
Xrlogin opens an xterm window and runs ssh, rlogin or telnet to login to a remote host.
Xrlogin automatically passes the -name argument to xterm with a value of "xterm-hostname" where hostname is the name of the remote host.
This allows the user to specify resources in their server's resource manager which are specific to xterms from a given host. For example,
this feature can be used to make all xterm windows to a given remote host be the same color or use a specific font or start up in a spe-
cific place on the screen. Xrsh(1) passes the same string so they are compatible in this regard.
Xrlogin specifies that the default title for the new xterm will be "hostname" where hostname is the name of the remote host. This and the
-name argument above can be overridden with xterm-options on the command line.
One could also use xrlogin's sister command xrsh(1) to open a window to a remote host. In the case of xrsh, the xterm would run on the
remote host and use X as the connection protocol while xrlogin would run the xterm on the local host and use rlogin or telnet as the con-
nection protocol. See xrsh(1) for a discussion of the merits of each scheme.
OPTIONS
-l username
When not using -telnet, use username as the id to login to the remote host.
-rlogin
Use the rlogin protocol to open the connection. In general rlogin is preferred because it can be configured to not prompt the user
for a password. Rlogin also automatically propagates window size change signals (SIGWINCH) to the remote host so that applications
running there will learn of a new window size.
-telnet
Use the -telnet protocol to open the connection. Use of telnet provided mostly for hosts that don't support rlogin.
COMMON PROBLEMS
Make sure that the local host is specified in the .rhosts file on the remote host or in the remote hosts /etc/hosts.equiv file. See
rlogin(1) for more information.
EXAMPLES
xrlogin -bg red yoda
Start a local red xterm which connects to the remote host yoda using rlogin.
xrlogin -telnet c70
Open a local xterm which connects to the remote host c70 using telnet.
SEE ALSO
xrsh(1), rlogin(1), telnet(1)
AUTHOR
James J. Dempsey <jjd@jjd.com> and Stephen Gildea <gildea@intouchsys.com>.
X Version 11 Release 6 XRLOGIN(1)