11-26-2010
blank /etc/securetty if that is really what you want... but the usual practice is to keep root login only from console...
This User Gave Thanks to vbe For This Post:
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
After Configuring a brand new netraT1, It appears, the only way you can log in as root is throught the Serial Port (console). I believe there is a file in /etc which can be edited to allow root to access login via other methods
eg: telnet, ssh, etc.
My Question:
Which file contains... (2 Replies)
Discussion started by: SmartJuniorUnix
2 Replies
2. Answers to Frequently Asked Questions
We have quite a few threads about this subject. I have collected some of them and arranged them by the OS which is primarily discussed in the thread. That is because the exact procedure depends on the OS involved. What's more, since you often need to interact with the boot process, the... (0 Replies)
Discussion started by: Perderabo
0 Replies
3. AIX
Hi, yesterday, I changed root's shell in /etc/passwd, cause a mistake then I can not log in root account (can't find correct shell). I attempted to log in single-mode, however, it prompted for single-mode's password then I type root's password but still can not log in.
I'm using AIX 5L version 5.2... (2 Replies)
Discussion started by: neikel
2 Replies
4. Solaris
I edited my /etc/default/login file and commented the line:
# If CONSOLE is set, root can only login on that device.
# Comment this line out to allow remote login by root.
#
#CONSOLE=/dev/console
I still cant login thru telnet or ssh.
What else do i have to do to be able to login... (14 Replies)
Discussion started by: BG_JrAdmin
14 Replies
5. UNIX for Dummies Questions & Answers
I am able to disable direct root login through telnet. But when I add the rlogin = false into the /etc/security/user file. I am unable to log in as root from ssh. I uncommented the "PermitRootLogin yes" in the sshd_config file. Still can't log in. Can anyone help? (0 Replies)
Discussion started by: james0125
0 Replies
6. Linux
Hi Guys....
I am a newbie to unix. I have a requirement. I have a server. I have to configure ssh to disable direct root login and then add a user with sudo access to this server.Then change the ssh port to 22315 and the server should permit the ssh only from my local machine ip.I also have to... (1 Reply)
Discussion started by: mahesh_raghu
1 Replies
7. UNIX for Advanced & Expert Users
Q1
I want to allow particular user only to login into root using ssh.
I have set PermitRootLogin no for security purpose but I want to allow some of
the users to login as a root using ssh how to do this?
I have tried with Allowusers user1 user2 its working for only the user1 and... (3 Replies)
Discussion started by: ungalnanban
3 Replies
8. Solaris
how to login with ssh to remote system with out applying the remote root/user password
with rlogin we can ujse .rhosts file
but with ssh howits possible
plz guide (2 Replies)
Discussion started by: tv.praveenkumar
2 Replies
9. AIX
I have disabled rlogin for root successfully , but after that i could not login to root from console and could not su to root from other users as it responded as expired account
I did not have any admin user but I have managed to recover the situation by accessing rootvg before mounting it, but... (5 Replies)
Discussion started by: majd_ece
5 Replies
10. SuSE
I access over 100 SUSE SLES servers as root from my admin server, via ssh sessions using ssh keys, so I don't have to enter a password. My SUSE Admin server is setup in the following manner:
1) Remote root access is turned off in the sshd_config file.
2) I am the only user of this admin... (6 Replies)
Discussion started by: dvbell
6 Replies
LEARN ABOUT CENTOS
pam_securetty
PAM_SECURETTY(8) Linux-PAM Manual PAM_SECURETTY(8)
NAME
pam_securetty - Limit root login to special devices
SYNOPSIS
pam_securetty.so [debug]
DESCRIPTION
pam_securetty is a PAM module that allows root logins only if the user is logging in on a "secure" tty, as defined by the listing in
/etc/securetty. pam_securetty also checks to make sure that /etc/securetty is a plain file and not world writable. It will also allow root
logins on the tty specified with console= switch on the kernel command line and on ttys from the /sys/class/tty/console/active.
This module has no effect on non-root users and requires that the application fills in the PAM_TTY item correctly.
For canonical usage, should be listed as a required authentication method before any sufficient authentication methods.
OPTIONS
debug
Print debug information.
noconsole
Do not automatically allow root logins on the kernel console device, as specified on the kernel command line or by the sys file, if it
is not also specified in the /etc/securetty file.
MODULE TYPES PROVIDED
Only the auth module type is provided.
RETURN VALUES
PAM_SUCCESS
The user is allowed to continue authentication. Either the user is not root, or the root user is trying to log in on an acceptable
device.
PAM_AUTH_ERR
Authentication is rejected. Either root is attempting to log in via an unacceptable device, or the /etc/securetty file is world
writable or not a normal file.
PAM_INCOMPLETE
An application error occurred. pam_securetty was not able to get information it required from the application that called it.
PAM_SERVICE_ERR
An error occurred while the module was determining the user's name or tty, or the module could not open /etc/securetty.
PAM_USER_UNKNOWN
The module could not find the user name in the /etc/passwd file to verify whether the user had a UID of 0. Therefore, the results of
running this module are ignored.
EXAMPLES
auth required pam_securetty.so
auth required pam_unix.so
SEE ALSO
securetty(5), pam.conf(5), pam.d(5), pam(8)
AUTHOR
pam_securetty was written by Elliot Lee <sopwith@cuc.edu>.
Linux-PAM Manual 09/19/2013 PAM_SECURETTY(8)