Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Problems with disabling remote root login
Operating Systems AIX Problems with disabling remote root login Post 302146195 by veccinho on Monday 19th of November 2007 09:16:28 AM
Old 11-19-2007
Quote:
Originally Posted by andryk
Hey, is it a typo or ... because im able to ban remote login through ssh with PermitRootLogin no.
I belive root login is granted by default (or with PermitRootLogin yes such as your case).
OMG!
You'll have to forgive me guys... English is not my mother language, but still I'm speaking it relatively well.
But in this case i don't know what i was thinking. Of course, i know what Permit means, but somehow i was translating it as Deny. SmilieSmilieSmilie

Of course, it works when i set it to No.
Unbelievable!

Tnx, andrykSmilie
 

10 More Discussions You Might Find Interesting

1. SCO

Disabling root login

Hy, Coud someone tell me how to disable root login via terminal (only from console should be allowed). There is no ssh installed, only telnet. I created a user which will have permission to su to root, but now i don't know where and what to modify to disable root login? SCO OpenServer 5 ... (1 Reply)
Discussion started by: veccinho
1 Replies

2. Solaris

Remote ssh login as root

I edited my /etc/default/login file and commented the line: # If CONSOLE is set, root can only login on that device. # Comment this line out to allow remote login by root. # #CONSOLE=/dev/console I still cant login thru telnet or ssh. What else do i have to do to be able to login... (14 Replies)
Discussion started by: BG_JrAdmin
14 Replies

3. AIX

disabling telnet login for root only

Hi, I want to disable telnet login for root only so that other users can telnet? Regards, Manoj (8 Replies)
Discussion started by: manoj.solaris
8 Replies

4. SCO

how to disabling root user

dear all, pls give the sollution to disable root login from telnet directly.but it should allow while we type su command (2 Replies)
Discussion started by: prakrithi
2 Replies

5. Solaris

Deny root remote login help

I'm attempting to deny a user's ability to login as root through any remote means - ie telnet or ssh. I've read most of the threads that I can find on this site and I've looked at BigAdmin on Sun's site. I have done what has been suggested here and on BigAdmin which is to make sure that the line... (5 Replies)
Discussion started by: gonzotonka
5 Replies

6. UNIX for Dummies Questions & Answers

etc/ftpd/ftpusers & philosophy of disabling root

we don't have root in our /etc/ftpd/ftpusers and we are getting some pushback from the external auditors about this - specifically as a security risk if a "sniffer" were to catch roots password at the ftp. What do most shops do - disable ftp for root? What do you do to get things to the... (3 Replies)
Discussion started by: LisaS
3 Replies

7. UNIX for Dummies Questions & Answers

Non root login problems in AIX

Hi All, I have setup a non root user on AIX 5.3, using smit. When I try logging on as that user my login screen just disappears. I am using PUTTY. I login to the same box as root no problems. I have tried re-creating several different usernames but get the same effect I have also telneted from a... (2 Replies)
Discussion started by: hansul
2 Replies

8. Solaris

how to login with ssh to remote system with out applying the remote root/usr password

how to login with ssh to remote system with out applying the remote root/user password with rlogin we can ujse .rhosts file but with ssh howits possible plz guide (2 Replies)
Discussion started by: tv.praveenkumar
2 Replies

9. AIX

AIX Disable direct root login problems

I have disabled rlogin for root successfully , but after that i could not login to root from console and could not su to root from other users as it responded as expired account I did not have any admin user but I have managed to recover the situation by accessing rootvg before mounting it, but... (5 Replies)
Discussion started by: majd_ece
5 Replies

10. UNIX for Advanced & Expert Users

Disabling CBC Cipher mode causes login problems

Hi, As part of the security hardening activity in our team, we have to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption. To do this, in sshd_config I comment out these lines : Ciphers aes128-cbc,blowfish-cbc,3des-cbc MACS hmac-sha1,hmac-md5 and add... (9 Replies)
Discussion started by: anaigini45
9 Replies

LEARN ABOUT REDHAT

mkxauth

mkxauth(1x)							Linux User's Manual						       mkxauth(1x)

NAME

       mkxauth - create and merge .Xauthority files

SYNOPSIS(1) mkxauth [ -q ] [ -u login ] -c [ host [ host ... ] ]

       (2) mkxauth [ -q ] [ -u login ] -m login(3) mkxauth [ -q ] [ -u login ] -f host(4) mkxauth [ -q ] [ -u login ] -r host [ -l login ]

       (5) mkxauth [ -q ] [ -u login ] -z host [ -l login ]

DESCRIPTION

       mkxauth	aids  in the creation and maintenance of X authentication databases (.Xauthority files).  Use it to create a ~/.Xauthority file or
       merge keys from another local or remote .Xauthority file.  Remote .Xauthority files can be  retrieved  via  FTP	(using	ncftp(1))  or  via
       rsh(1).	For a slight measure of security, mkxauth does not create any temporary files containing authentication keys (although anyone spy-
       ing on network packets can see the authentication key data as they pass	through  the  network;	for  secure  network  communications,  use
       ssh(1)).

   Creating and Adding to a .Xauthority File
       To  create  a .Xauthority file, use mkxauth -c (see(1) above).	mkxauth creates a .Xauthority file in the user's home directory (~/), con-
       taining a `key' or `magic cookie' for the host it was run on (the one returned by hostname(1)).	If a .Xauthority file already exists,  the
       keys are added to it.  If keys for that host already exist, they are replaced.

       To  create  or add to a .Xauthority file for another user, use mkxauth -u login -c.  mkxauth adds keys to ~login/.Xauthority (only the root
       user is allowed to do this).

       To add a key for more than one host, specify all hosts on the command line: mkxauth -c daffy porky bugs.  All hosts specified on  the  same
       command line receive the same key.  To create different keys for multiple hosts, run mkxauth for each host in succession:

	      mkxauth -c daffy
	      mkxauth -c porky
	      mkxauth -c bugs

   Merging Keys from Local .Xauthority Files
       To  merge keys from another local user's .Xauthority file, use mkxauth -m login (see(2) above).  mkxauth adds the keys in ~login/.Xauthor-
       ity to ~/.Xauthority, replacing any keys which already exist.  ~login/.Xauthority must be readable by the user  running	mkxauth  (normally
       only the root user can read other people's .Xauthority files).

   Merging Keys via FTP
       To  merge  keys from a remote .Xauthority file via FTP, use mkxauth -f host (see(3) above).  mkxauth retrieves the remote .Xauthority from
       host using ncftp(1) and adds those keys to ~/.Xauthority, replacing any keys which already exist.  [NOTE: you must have a ~/.netrc file set
       up to automatically log you into host, otherwise the FTP login attempt will fail.]

   Merging Keys via rsh(1)
       To  merge keys from remote .Xauthority file via rsh(1), use mkxauth -r host (see(4) above).  mkxauth retrieves the remote .Xauthority from
       host using rsh(1) and adds those keys to ~/.Xauthority, replacing any keys which already exist.	To login  as  a  different  user,  use	-l
       login.  [NOTE: you must have a .rhosts file set up properly for this to work, otherwise the remote login attempt will fail].

   Merging Keys via rsh(1) and gzip(1)
       If  your  remote  .Xauthority file is large, or to make it slightly less obvious that you're transferring authentication keys over the net-
       work, mkxauth can gzip(1) your .Xauthority file before retrieving it via rsh(1).  To do this, use mkxauth -z host (see(5) above).  mkxauth
       retrieves  the  remote .Xauthority from host using rsh(1) and adds those keys to ~/.Xauthority, replacing any keys which already exist.	To
       login as a different user, use -l login.  [NOTE: you must have a .rhosts file set up properly for this to work, otherwise the remote  login
       attempt will fail].

   Options
       To make mkxauth operate quietly, use the -q option.

       To add to ~login/.Xauthority, use the -u login option.

       To use login for the remote login in mkxauth -f, mkxauth -r, and mkxauth -z, use the -l login option.

   Getting Help
       To get quick help about mkxauth, use mkxauth --help.

FILES

       ~/.Xauthority
       ~/.netrc
       ~/.rhosts

COMMENTS

       mkxauth	is mostly useful for maintaining .Xauthority files in an environment which uses startx(1x).  xdm(1x) uses its own method of gener-
       ating .Xauthority files.  However, mkxauth is still useful for transferring .Xauthority information to remote login sessions  so  that  the
       user can display remote X clients on the local host without too much trouble.

       Note,  however,	that  using  rsh(1)  is  inherently  insecure,	and  sites  concerned  about  security	should	use  ssh(1)  instead  (see
       http://www.cs.hut.fi/ssh/ for more information).

SEE ALSO

       X(1x), Xsecurity(1x), gzip(1), mcookie(1), md5sum(1), ncftp(1), rsh(1), startx(1x), xauth(1x), xdm(1x)

BUGS

       Does not respect the XAUTHORITY environment variable.

AUTHOR

       Conceived and written by Jim Knoble <jmknoble@redhat.com>.  Copyright 1996 by Jim Knoble and Red Hat Software.  Distributed under  the  GNU
       GPL (General Public License); see ftp://prep.ai.mit.edu/pub/gnu/COPYING for more information.

Red Hat Software						    12-Dec-1996 						       mkxauth(1x)
All times are GMT -4. The time now is 07:25 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy