Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Problems with disabling remote root login
Operating Systems AIX Problems with disabling remote root login Post 302146152 by veccinho on Monday 19th of November 2007 04:37:59 AM
Old 11-19-2007
Problems with disabling remote root login
Hello!

I'm going through security checklist for AIX 5.3 and i just can't disable remote login for root through ssh.
What i did:
- in /etc/security/user i added a line:
rlogin = false
which works fine when i try to login through telnet
- after installation of openSSH i edited sshd_config - uncommented line: PermitRootLogin yes
- restarted sshd: stopsrc -s sshd, startsrc -s sshd
- then in smit in login controls for root i deleted ALL and added /dev/console (for this i'm not sure if it's correct)

And still I'm able to login remotely as root.

What did i miss?
 

10 More Discussions You Might Find Interesting

1. SCO

Disabling root login

Hy, Coud someone tell me how to disable root login via terminal (only from console should be allowed). There is no ssh installed, only telnet. I created a user which will have permission to su to root, but now i don't know where and what to modify to disable root login? SCO OpenServer 5 ... (1 Reply)
Discussion started by: veccinho
1 Replies

2. Solaris

Remote ssh login as root

I edited my /etc/default/login file and commented the line: # If CONSOLE is set, root can only login on that device. # Comment this line out to allow remote login by root. # #CONSOLE=/dev/console I still cant login thru telnet or ssh. What else do i have to do to be able to login... (14 Replies)
Discussion started by: BG_JrAdmin
14 Replies

3. AIX

disabling telnet login for root only

Hi, I want to disable telnet login for root only so that other users can telnet? Regards, Manoj (8 Replies)
Discussion started by: manoj.solaris
8 Replies

4. SCO

how to disabling root user

dear all, pls give the sollution to disable root login from telnet directly.but it should allow while we type su command (2 Replies)
Discussion started by: prakrithi
2 Replies

5. Solaris

Deny root remote login help

I'm attempting to deny a user's ability to login as root through any remote means - ie telnet or ssh. I've read most of the threads that I can find on this site and I've looked at BigAdmin on Sun's site. I have done what has been suggested here and on BigAdmin which is to make sure that the line... (5 Replies)
Discussion started by: gonzotonka
5 Replies

6. UNIX for Dummies Questions & Answers

etc/ftpd/ftpusers & philosophy of disabling root

we don't have root in our /etc/ftpd/ftpusers and we are getting some pushback from the external auditors about this - specifically as a security risk if a "sniffer" were to catch roots password at the ftp. What do most shops do - disable ftp for root? What do you do to get things to the... (3 Replies)
Discussion started by: LisaS
3 Replies

7. UNIX for Dummies Questions & Answers

Non root login problems in AIX

Hi All, I have setup a non root user on AIX 5.3, using smit. When I try logging on as that user my login screen just disappears. I am using PUTTY. I login to the same box as root no problems. I have tried re-creating several different usernames but get the same effect I have also telneted from a... (2 Replies)
Discussion started by: hansul
2 Replies

8. Solaris

how to login with ssh to remote system with out applying the remote root/usr password

how to login with ssh to remote system with out applying the remote root/user password with rlogin we can ujse .rhosts file but with ssh howits possible plz guide (2 Replies)
Discussion started by: tv.praveenkumar
2 Replies

9. AIX

AIX Disable direct root login problems

I have disabled rlogin for root successfully , but after that i could not login to root from console and could not su to root from other users as it responded as expired account I did not have any admin user but I have managed to recover the situation by accessing rootvg before mounting it, but... (5 Replies)
Discussion started by: majd_ece
5 Replies

10. UNIX for Advanced & Expert Users

Disabling CBC Cipher mode causes login problems

Hi, As part of the security hardening activity in our team, we have to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption. To do this, in sshd_config I comment out these lines : Ciphers aes128-cbc,blowfish-cbc,3des-cbc MACS hmac-sha1,hmac-md5 and add... (9 Replies)
Discussion started by: anaigini45
9 Replies

LEARN ABOUT CENTOS

console.perms

console.perms(5)					   System Administrator's Manual					  console.perms(5)

NAME

       console.perms - permissions control file for users at the system console

DESCRIPTION

       /etc/security/console.perms and .perms files in the /etc/security/console.perms.d directory determine the permissions that will be given to
       priviledged users of the console at login time, and the permissions to which to revert when the users  log  out.   They	are  read  by  the
       pam_console_apply helper executable.

       The format is:

       <class>=space-separated list of words

       login-regexp|<login-class> perm dev-glob|<dev-class> 
	       revert-mode revert-owner[.revert-group]

       The revert-mode, revert-owner, and revert-group fields are optional, and default to 0600, root, and root, respectively.

       The  words in a class definition are evaluated as globs if they refer to files, but as regular expressions if they apply to a console defi-
       nition.	Do not mix them.

       Any line can be broken and continued on the next line by using a  character as the last character on the line.

       The login-class class and the login-regexp word are evaluated as regular expressions.  The dev-class and the dev-glob word are evaluated as
       shell-style globs.  If a name given corresponds to a directory, and if it is a mount point listed in /etc/fstab, the device node associated
       with the filesystem mounted at that point will be substituted in its place.

       Classes are denoted by being contained in < angle bracket > characters; a lack of < angle brackets > indicates that the	string	is  to	be
       taken literally as a login-regexp or a dev-glob, depending on its input position.

SEE ALSO

       pam_console(8)
       pam_console_apply(8)
       console.apps(5)

AUTHOR

       Michael K. Johnson <johnsonm@redhat.com>

Red Hat Software						     2005/5/2							  console.perms(5)
All times are GMT -4. The time now is 02:07 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy