11-19-2007
Quote:
Originally Posted by
veccinho
- after installation of openSSH i edited sshd_config - uncommented line: PermitRootLogin yes
Don't you want to change that to "no"?
10 More Discussions You Might Find Interesting
1. SCO
Hy,
Coud someone tell me how to disable root login via terminal (only from console should be allowed).
There is no ssh installed, only telnet.
I created a user which will have permission to su to root, but now i don't know where and what to modify to disable root login?
SCO OpenServer 5
... (1 Reply)
Discussion started by: veccinho
1 Replies
2. Solaris
I edited my /etc/default/login file and commented the line:
# If CONSOLE is set, root can only login on that device.
# Comment this line out to allow remote login by root.
#
#CONSOLE=/dev/console
I still cant login thru telnet or ssh.
What else do i have to do to be able to login... (14 Replies)
Discussion started by: BG_JrAdmin
14 Replies
3. AIX
Hi,
I want to disable telnet login for root only so that other users can telnet?
Regards,
Manoj (8 Replies)
Discussion started by: manoj.solaris
8 Replies
4. SCO
dear all,
pls give the sollution to disable root login from telnet directly.but it should allow while we type su command (2 Replies)
Discussion started by: prakrithi
2 Replies
5. Solaris
I'm attempting to deny a user's ability to login as root through any remote means - ie telnet or ssh. I've read most of the threads that I can find on this site and I've looked at BigAdmin on Sun's site. I have done what has been suggested here and on BigAdmin which is to make sure that the line... (5 Replies)
Discussion started by: gonzotonka
5 Replies
6. UNIX for Dummies Questions & Answers
we don't have root in our /etc/ftpd/ftpusers and we are getting some pushback from the external auditors about this - specifically as a security risk if a "sniffer" were to catch roots password at the ftp.
What do most shops do - disable ftp for root?
What do you do to get things to the... (3 Replies)
Discussion started by: LisaS
3 Replies
7. UNIX for Dummies Questions & Answers
Hi All,
I have setup a non root user on AIX 5.3, using smit. When I try logging on as that user my login screen just disappears. I am using PUTTY. I login to the same box as root no problems. I have tried re-creating several different usernames but get the same effect I have also telneted from a... (2 Replies)
Discussion started by: hansul
2 Replies
8. Solaris
how to login with ssh to remote system with out applying the remote root/user password
with rlogin we can ujse .rhosts file
but with ssh howits possible
plz guide (2 Replies)
Discussion started by: tv.praveenkumar
2 Replies
9. AIX
I have disabled rlogin for root successfully , but after that i could not login to root from console and could not su to root from other users as it responded as expired account
I did not have any admin user but I have managed to recover the situation by accessing rootvg before mounting it, but... (5 Replies)
Discussion started by: majd_ece
5 Replies
10. UNIX for Advanced & Expert Users
Hi,
As part of the security hardening activity in our team, we have to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.
To do this, in sshd_config I comment out these lines :
Ciphers aes128-cbc,blowfish-cbc,3des-cbc
MACS hmac-sha1,hmac-md5
and add... (9 Replies)
Discussion started by: anaigini45
9 Replies
LEARN ABOUT CENTOS
tpm_quote_tools
TPM QUOTE
TOOLS(8) TPM QUOTE TOOLS(8)
NAME
TPM Quote Tools
PROGRAMS
tpm_mkuuid, tpm_mkaik, tpm_loadkey, tpm_unloadkey, tpm_getpcrhash, tpm_updatepcrhash, tpm_getquote, tpm_verifyquote
DESCRIPTION
TPM Quote Tools is a collection of programs that provide support for TPM based attestation using the TPM quote operation.
A TPM contains a set of Platform Configuration Registers (PCRs). In a well configured machine, some of these registers are set to known
values during the boot up process or at other times. For example, a PCR might contain the hash of a boot loader in memory before it is
run.
The TPM quote operation is used to authoritatively verify the contents of a TPM's Platform Configuration Registers (PCRs). During provi-
sioning, a composite hash of a selected set of PCRs is computed. The TPM quote operation produces a composite hash that can be compared
with the one computed while provisioning.
To use the TPM quote operation, keys must be generated. During provisioning, an Attestation Identity Key (AIK) is generated for each TPM,
and the public part of the key is made available to entities that validate quotes.
The TPM quote operation returns signed data and a signature. The data that is signed contains the PCRs selected for the operation, the
composite hash for the selected PCRs, and a nonce provided as input, and used to prevent replay attacks. At provisioning time, the data
that is signed is stored, not just the composite hash. The signature is discarded.
An entity that wishes to evaluate a machine generates a nonce, and sends it along with the set of PCR used to generate the composite PCR
hash at provisioning time. For this use of the TPM quote operation, the signed data is ignored, and the signature returned is used to val-
idate the state of the TPM's PCRs. Given the signature, the evaluating entity replaces the nonce in the signed data generated at provi-
sioning time, and checks to see if the signature is valid for the data. If so, this check ensures the selected PCRs contain values that
match the ones measured during provisioning.
A typical scenario for an enterprise using these tools follows. The tools expect AIKs to be referenced via one enterprise-wide Universally
Unique Identifier (UUID). The program tpm_mkuuid creates one.
For each machine being checked, an AIK is created using tpm_mkaik. The key blob produced is bound to the UUID on its machine using
tpm_loadkey. The public key associated with the AIK is sent to the entities that verify quotes. Finally, the expected PCR composite hash
is obtained using tpm_getpcrhash. When the expected PCR values change, a new hash can be generated with tpm_updatepcrhash.
The program to obtain a quote, and thus measure the current state of the PCRs is tpm_getquote. The program that verifies the quote
describes the same PCR composite hash as was measured initially is tpm_verifyquote.
SEE ALSO
tpm_mkuuid(8), tpm_mkaik(8), tpm_loadkey(8), tpm_unloadkey(8), tpm_getpcrhash(8), tpm_updatepcrhash(8), tpm_getquote(8), tpm_verifyquote(8)
Oct 2010 TPM QUOTE TOOLS(8)