11-19-2007
Problems with disabling remote root login
Hello!
I'm going through security checklist for AIX 5.3 and i just can't disable remote login for root through ssh.
What i did:
- in /etc/security/user i added a line:
rlogin = false
which works fine when i try to login through telnet
- after installation of openSSH i edited sshd_config - uncommented line: PermitRootLogin yes
- restarted sshd: stopsrc -s sshd, startsrc -s sshd
- then in smit in login controls for root i deleted ALL and added /dev/console (for this i'm not sure if it's correct)
And still I'm able to login remotely as root.
What did i miss?
10 More Discussions You Might Find Interesting
1. SCO
Hy,
Coud someone tell me how to disable root login via terminal (only from console should be allowed).
There is no ssh installed, only telnet.
I created a user which will have permission to su to root, but now i don't know where and what to modify to disable root login?
SCO OpenServer 5
... (1 Reply)
Discussion started by: veccinho
1 Replies
2. Solaris
I edited my /etc/default/login file and commented the line:
# If CONSOLE is set, root can only login on that device.
# Comment this line out to allow remote login by root.
#
#CONSOLE=/dev/console
I still cant login thru telnet or ssh.
What else do i have to do to be able to login... (14 Replies)
Discussion started by: BG_JrAdmin
14 Replies
3. AIX
Hi,
I want to disable telnet login for root only so that other users can telnet?
Regards,
Manoj (8 Replies)
Discussion started by: manoj.solaris
8 Replies
4. SCO
dear all,
pls give the sollution to disable root login from telnet directly.but it should allow while we type su command (2 Replies)
Discussion started by: prakrithi
2 Replies
5. Solaris
I'm attempting to deny a user's ability to login as root through any remote means - ie telnet or ssh. I've read most of the threads that I can find on this site and I've looked at BigAdmin on Sun's site. I have done what has been suggested here and on BigAdmin which is to make sure that the line... (5 Replies)
Discussion started by: gonzotonka
5 Replies
6. UNIX for Dummies Questions & Answers
we don't have root in our /etc/ftpd/ftpusers and we are getting some pushback from the external auditors about this - specifically as a security risk if a "sniffer" were to catch roots password at the ftp.
What do most shops do - disable ftp for root?
What do you do to get things to the... (3 Replies)
Discussion started by: LisaS
3 Replies
7. UNIX for Dummies Questions & Answers
Hi All,
I have setup a non root user on AIX 5.3, using smit. When I try logging on as that user my login screen just disappears. I am using PUTTY. I login to the same box as root no problems. I have tried re-creating several different usernames but get the same effect I have also telneted from a... (2 Replies)
Discussion started by: hansul
2 Replies
8. Solaris
how to login with ssh to remote system with out applying the remote root/user password
with rlogin we can ujse .rhosts file
but with ssh howits possible
plz guide (2 Replies)
Discussion started by: tv.praveenkumar
2 Replies
9. AIX
I have disabled rlogin for root successfully , but after that i could not login to root from console and could not su to root from other users as it responded as expired account
I did not have any admin user but I have managed to recover the situation by accessing rootvg before mounting it, but... (5 Replies)
Discussion started by: majd_ece
5 Replies
10. UNIX for Advanced & Expert Users
Hi,
As part of the security hardening activity in our team, we have to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.
To do this, in sshd_config I comment out these lines :
Ciphers aes128-cbc,blowfish-cbc,3des-cbc
MACS hmac-sha1,hmac-md5
and add... (9 Replies)
Discussion started by: anaigini45
9 Replies
LEARN ABOUT DEBIAN
sss_ssh_authorizedkeys
SSS_SSH_AUTHORIZEDKE(1) SSSD Manual pages SSS_SSH_AUTHORIZEDKE(1)
NAME
sss_ssh_authorizedkeys - get OpenSSH authorized keys
SYNOPSIS
sss_ssh_authorizedkeys [options] USER
DESCRIPTION
sss_ssh_authorizedkeys acquires SSH public keys for user USER and outputs them in OpenSSH authorized_keys format (see the "AUTHORIZED_KEYS
FILE FORMAT" section of sshd(8) for more information).
sshd(8) can be configured to use sss_ssh_authorizedkeys for public key user authentication if it is compiled with support for either
"AuthorizedKeysCommand" or "PubkeyAgent" sshd_config(5) options.
If "AuthorizedKeysCommand" is supported, sshd(8) can be configured to use it by putting the following directive in sshd_config(5):
AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
If "PubkeyAgent" is supported, sshd(8) can be configured to use it by using the following directive for sshd(8) configuration:
PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u
This is an experimental feature, please use http://fedorahosted.org/sssd to report any issues.
OPTIONS
-d,--domain DOMAIN
Search for user public keys in SSSD domain DOMAIN.
-h,--help
Display help message and exit.
SEE ALSO
sshd(8), sshd_config(5), sss_ssh_knownhostsproxy(1).
AUTHORS
The SSSD upstream - http://fedorahosted.org/sssd
SSSD
03/04/2013 SSS_SSH_AUTHORIZEDKE(1)