|
|
Sponsored Content
Operating Systems
AIX
AIX Disable direct root login problems
Post 302573030 by gito on Saturday 12th of November 2011 01:27:26 PM
11-12-2011
|
|
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
After Configuring a brand new netraT1, It appears, the only way you can log in as root is throught the Serial Port (console). I believe there is a file in /etc which can be edited to allow root to access login via other methods
eg: telnet, ssh, etc.
My Question:
Which file contains... (2 Replies)
Discussion started by: SmartJuniorUnix
2 Replies
2. AIX
Hello!
I'm going through security checklist for AIX 5.3 and i just can't disable remote login for root through ssh.
What i did:
- in /etc/security/user i added a line:
rlogin = false
which works fine when i try to login through telnet
- after installation of openSSH i edited... (3 Replies)
Discussion started by: veccinho
3 Replies
3. UNIX for Dummies Questions & Answers
I am able to disable direct root login through telnet. But when I add the rlogin = false into the /etc/security/user file. I am unable to log in as root from ssh. I uncommented the "PermitRootLogin yes" in the sshd_config file. Still can't log in. Can anyone help? (0 Replies)
Discussion started by: james0125
0 Replies
4. UNIX for Dummies Questions & Answers
Hi All,
I have setup a non root user on AIX 5.3, using smit. When I try logging on as that user my login screen just disappears. I am using PUTTY. I login to the same box as root no problems. I have tried re-creating several different usernames but get the same effect I have also telneted from a... (2 Replies)
Discussion started by: hansul
2 Replies
5. Linux
Hi Guys....
I am a newbie to unix. I have a requirement. I have a server. I have to configure ssh to disable direct root login and then add a user with sudo access to this server.Then change the ssh port to 22315 and the server should permit the ssh only from my local machine ip.I also have to... (1 Reply)
Discussion started by: mahesh_raghu
1 Replies
6. UNIX for Dummies Questions & Answers
I have already disabled root login over the ssh by modifying /etc/ssh/sshd_config.
But how would i disable root login on a server itself.
We have implemented LDAP in our environment and our security guide states that root login must be obtained by first logging into the host using his/her own... (2 Replies)
Discussion started by: pinga123
2 Replies
7. Solaris
Hi,
I am trying to setup direct login from server test1 (Solaris 10) to server test2 (Solaris 9) using id taops (ldap id).
Process Followed on Test 2.
created .rhosts file in home directory of user taops
geneted public key on test1 and appended to authorized keys on test2.
Now trying... (8 Replies)
Discussion started by: tuxian
8 Replies
8. Solaris
Hi all,
how can I disable direct login to a Solaris system not only for root user but also for other accounts?
Looking in google I came to the following:
For telnet (/etc/default/login):
disable root access> CONSOLE=/dev/console
disable generic user> ?
For ssh... (5 Replies)
Discussion started by: Evan
5 Replies
9. AIX
Hello,
I would like to confirm whether the below procedure is correct.
disabled direct super user access on AIX server using below procedure. Please let me know if there is any additional step.
1) confirm the access to HMC, console to reach the LPARs
2) chuser rlogin=false root
... (3 Replies)
Discussion started by: dio34
3 Replies
10. UNIX for Beginners Questions & Answers
Hello. I recently upgraded to a new Power 8 server and running AIX 7.1.
I migrated from an IBM P520 and AIX 5.5.
My application on the P520 works best if I direct print, it doesn't work well with spooling. My IBM rep set up the new Power 8 server with spooling which is causing an issue.... (4 Replies)
Discussion started by: ldavis1080
4 Replies
LEARN ABOUT OSF1
login
login(1) General Commands Manual login(1) NAME
login - Signs the user on to the system SYNOPSIS
login [-p] [-h host] [[-f] user] The login command is used when a user initially signs on to the system and also by daemons, such as ftp, to create a user's environment. This security-sensitive command uses the Security Integration Architecture (SIA) routine as an interface to the security mechanism(s) that perform the actual user validation. See the matrix.conf(4) reference page for more information. OPTIONS
With the exception of -p, these options are available only to the superuser. Used by telnetd and other servers to list the host from which the connection was received. Used with a user name user on the command line to indicate that proper authentication was already done, and that no password needs to be requested. Causes the remainder of the environment to be preserved; otherwise, any previous environment is discarded. DESCRIPTION
The invocation of login for initial signon is made by a system program or server using the privileged -h and -f forms of the login command. If login is invoked without an argument, it asks for a user name, and, if appropriate, a password. Echoing is turned off (if possible) during the entering of the password, so it will not appear on the written record of the session. After a successful login, accounting files are updated. You are informed of the existence of mail, and the message of the day and the time of last login are displayed. The mail message, the message of the day, and the last login time are suppressed if there is a file in the home directory; this is mostly used to make life easier for users such as uucp. Security Note If you have enhanced security installed on your system, the login command prints the last successful and unsuccessful login times and ter- minal devices. If the account does not have a password and the authentication profile for the account requires one, login starts the passwd command to establish one for the account. The login command prohibits you from logging in if any of the following are true: The password for the account has expired and you cannot successfully change the password. The password lifetime for the account has passed. The administrative lock on the account was set. The maximum number of unsuccessful login attempts for the account was exceeded. The maximum number of unsuccessful login attempts for the ter- minal was exceeded. The administrative lock on the terminal was set. The terminal has an authorized user list and you are not on it. The terminal has time of day restrictions and the current time is not within them. The account was retired by the system administrator. The login command initializes the user and group IDs and the working directory, and then executes a command interpreter according to spec- ifications found in the password file. Argument 0 (zero) of the command interpreter is the name of the command interpreter with a leading - (dash). The login command also modifies the environment with information specifying home directory, command interpreter, terminal type (if avail- able), and user name. Security Note If you have enhanced security installed on your system, the login command always allows root to log in at the console to avoid the situa- tion where all accounts and terminals are locked. If either /etc/nologin_hostname or /etc/nologin exists, login prints the contents on your terminal and exits. The shutdown command creates /etc/nologin_hostname (or /etc/nologin in the case of a clusterwide shutdown) to stop users from logging in when the system or cluster is about to go down. Login is recognized by sh, csh, and ksh and executed directly (without forking). ERRORS
The user name or the password is invalid. Consult your system administrator. Security Note If you have enhanced security installed on your system, you may see the following diagnostic messages: The login command cannot invoke the passwd program. The passwd program is invoked, the user is unable to change the password, and the account requires one. is allowed The login command is allowing a root login at the system console, despite a condition that would normally not allow such a login. The account is locked for one of the reasons previously listed. The terminal is locked for one of the reasons previously listed. You are not on the authorized user list for the terminal. The current time is not within the current time-of-day restrictions for the terminal. After an unsuccessful login attempt, login waits a specified (configurable) amount of time before it prompts for another login attempt. If the account's password was changed by another user, login prints the time the password was changed and the user who changed it. If your password is about to expire, login warns you of the time of the impending expiration. Your system administrator sets the warning period. FILES
Contains user and accounting information. Contains login history. Contains last login time stamps. Mail directory. Message of the day. Contains user information. Stops logins. In a cluster, /etc/nologin is used instead. Suppresses mail notification, message of the day, and last login time. SEE ALSO
Commands: binmail(1), chfn(1), chsh(1), getty(8), init(8), Mail(1), mail(1), mailx(1), passwd(1), rlogin(1), shutdown(8) Function: getpass(3) Files: matrix.conf(4), passwd(4), utmp(4) Security login(1)