08-02-2008
If you modified the sshd_config file you need to restart sshd
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
using redhat 7.2
Is it possible to not allow root to ssh into the server remotely, but allow the account that ssh'd in to the box to su to root? This way there is the added security of a hacker needing two passwords to hack your computer, a username/password for a regular account and also the... (3 Replies)
Discussion started by: theDirtiest
3 Replies
2. UNIX for Dummies Questions & Answers
Hi all
I'm using an AIX 5 machine.
I'm trying to telnet from this machine to another Aix machine.
When I use the "root" user - Everything works.
I can telnet successfully the other machine
When I use another user but root - I can't telnet the machine:
noah@logist:/home/noah>telnet aixtst... (2 Replies)
Discussion started by: sunbird
2 Replies
3. UNIX for Dummies Questions & Answers
All,
I want to run a non-root script as the root user with non-root environment variables with crontab. The non-root user would have environment variables for database access such as Oracle or Sybase. The root user does not have the Oracle or Sybase enviroment variables. I thought you could do... (2 Replies)
Discussion started by: bubba112557
2 Replies
4. UNIX for Dummies Questions & Answers
OK, let see, i have a Tru64 Unix and need to know how the list of ftp users works and in /etc/ftpusers we have the unauthorized users but when we create a new user i want this users put automatic for deny access .....
where i set when creation of users action put automatic the user in that file?... (1 Reply)
Discussion started by: wbendek
1 Replies
5. AIX
Hi,
I have to forbid root-logins on all my servers, expect from two machines, these 2 machines login with root without a password
it was quite easy with ssh, but I have a problem regarding rsh/rlogin, an there
are a lot of rsh jobs, so it would take a lot of time to change all this... (4 Replies)
Discussion started by: funksen
4 Replies
6. Solaris
I'm attempting to deny a user's ability to login as root through any remote means - ie telnet or ssh. I've read most of the threads that I can find on this site and I've looked at BigAdmin on Sun's site. I have done what has been suggested here and on BigAdmin which is to make sure that the line... (5 Replies)
Discussion started by: gonzotonka
5 Replies
7. Solaris
Hi All
After downloading ZFS documentation from oracle site, I am able to successfully migrate UFS root FS without zones to ZFS root FS. But in case of UFS root file system with zones , I am successfully able to migrate global zone to zfs root file system but zone are still in UFS root file... (2 Replies)
Discussion started by: sb200
2 Replies
8. AIX
Is there a way to deny access to a specific remote login option.
example:
usera--deny telnet access but keep rsh and rlogin
userb--keeps telnet, rsh, and rlogin
I'm basically trying to contol the access per services instead of changing the LOGIN REMOTELY(rsh,tn,rlogin) option to yes or no. (12 Replies)
Discussion started by: leemalloy
12 Replies
9. Red Hat
Hi team,
I tried to modify the /etc/security/limits.conf file to limit the root user for more one login. I added the line in limits.conf file like:
@root hard maxlogins 1
I also tried to modify /etc/ssh/sshd_config to limit the root userlogin by adding this:
... (10 Replies)
Discussion started by: leo_ultra_leo
10 Replies
10. UNIX for Dummies Questions & Answers
Hi there,
For /etc/hosts.deny was it used to deny access from the internet? (2 Replies)
Discussion started by: alvinoo
2 Replies
LEARN ABOUT LINUX
login.krb5
LOGIN(8) System Manager's Manual LOGIN(8)
NAME
login.krb5 - kerberos enhanced login program
SYNOPSIS
login.krb5 [-p] [-fFe username] [-r | -k | -K | -h hostname]
DESCRIPTION
login.krb5 is a modification of the BSD login program which is used for two functions. It is the sub-process used by krlogind and telnetd
to initiate a user session and it is a replacement for the command-line login program which, when invoked with a password, acquires Ker-
beros tickets for the user.
login.krb5 will prompt for a username, or take one on the command line, as login.krb5 username and will then prompt for a password. This
password will be used to acquire Kerberos Version 5 tickets (if possible.) It will also attempt to run aklog to get AFS tokens for the
user. The version 5 tickets will be tested against a local krb5.keytab if it is available, in order to verify the tickets, before letting
the user in. However, if the password matches the entry in /etc/passwd the user will be unconditionally allowed (permitting use of the
machine in case of network failure.)
OPTIONS
-p preserve the current environment
-r hostname
pass hostname to rlogind. Must be the last argument.
-h hostname
pass hostname to telnetd, etc. Must be the last argument.
-f name
Perform pre-authenticated login, e.g., datakit, xterm, etc.; allows preauthenticated login as root.
-F name
Perform pre-authenticated login, e.g., datakit, xterm, etc.; allows preauthenticated login as root.
-e name
Perform pre-authenticated, encrypted login. Must do term negotiation.
CONFIGURATION
login.krb5 is also configured via krb5.conf using the login stanza. A collection of options dealing with initial authentication are pro-
vided:
krb5_get_tickets
Use password to get V5 tickets. Default value true.
krb_run_aklog
Attempt to run aklog. Default value false.
aklog_path
Where to find it [not yet implemented.] Default value $(prefix)/bin/aklog.
accept_passwd
Don't accept plaintext passwords [not yet implemented]. Default value false.
DIAGNOSTICS
All diagnostic messages are returned on the connection or tty associated with stderr.
SEE ALSO
rlogind(8), rlogin(1), telnetd(8)
LOGIN(8)