Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Procedure to restrict direct access as root
Operating Systems AIX Procedure to restrict direct access as root Post 302974819 by dio34 on Friday 3rd of June 2016 05:04:27 PM
Old 06-03-2016
IBM Procedure to restrict direct access as root
Hello,

I would like to confirm whether the below procedure is correct.

disabled direct super user access on AIX server using below procedure. Please let me know if there is any additional step.

Code:
1) confirm the access to HMC, console to reach the LPARs

2) chuser rlogin=false root
   chuser login=true root
    
3) set Permit Root login to No
 
cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.original
 

vi /etc/ssh/sshd_config 
PermitRootLogin no

stopsrc -s sshd
startsrc -s sshd

4) confirm "rlogind" is disabled from /etc/inetd.conf
grep rlogind /etc/inetd.conf

thank you
 

10 More Discussions You Might Find Interesting

1. Programming

Direct disk access

Is there any way to write to disk sector by sector, without any files, filesystems etc. I did that in DOS, but that was DOS. (3 Replies)
Discussion started by: Lopatonosec
3 Replies

2. Linux

ssh - disable direct root login

Hi Guys.... I am a newbie to unix. I have a requirement. I have a server. I have to configure ssh to disable direct root login and then add a user with sudo access to this server.Then change the ssh port to 22315 and the server should permit the ssh only from my local machine ip.I also have to... (1 Reply)
Discussion started by: mahesh_raghu
1 Replies

3. Solaris

Direct/scsu access to unix account

Hey Is there any way to differentiate if a user is logged directly into a UNIX functional account or if they have scsu'ed into the functional account? Cheers Paul (2 Replies)
Discussion started by: runnerpaul
2 Replies

4. Linux

Restrict NFS access to root

Hi Everybody, If there is a general NFS share in the LAN and for example this share has three files - a, b, c is there any way to restrict file access to the root user of one particular host(falcon) in the same LAN environment while the normal users from the same host(falcon) should be able... (4 Replies)
Discussion started by: sudhirav
4 Replies

5. UNIX for Dummies Questions & Answers

Restrict user access.

Hi All, How can we restrict a particular user access to a particular shell in solaris 10. Thanks in Advance. (5 Replies)
Discussion started by: rama krishna
5 Replies

6. Red Hat

Restrict user access

Hi there I have an application user on my system that wants accesses to these file systems as such: rwx: /SAPO /SAPS12 /R3_888 /R3_888B /R3_888F /R3_888R r: /usr/sap these are the existing FS permissions:ownerships: # ls -ld /SAPO (9 Replies)
Discussion started by: hedkandi
9 Replies

7. Ubuntu

Restrict SUDO Access

Linux ubuntu 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux Hi Folks, Please help me. I am bit struck here. Here is the OS info. Linux ubuntu 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux I have a... (17 Replies)
Discussion started by: explorer007
17 Replies

8. UNIX for Dummies Questions & Answers

Restrict access

I'm trying to use squid to restrict elinks' access to certain websites(only http traffic). I have tried some configs in squid.conf but no luck. Hope someone has a bit of time to explain me how can you make these config's :) ---------- Post updated at 05:40 PM ---------- Previous update was at... (1 Reply)
Discussion started by: Birnbacher
1 Replies

9. AIX

Disabling SSH direct access for an AIX user

Hello everyone, Can anyone help me please. I want to disable SSH direct access for an AIX user. For example, if I have USER1 and USER2. I want to disactivate direct access for USER2. The user must enter his login (USER1) and his password and then he can do su - USER2 . Thanks, (3 Replies)
Discussion started by: adilyos
3 Replies

10. UNIX for Advanced & Expert Users

Restrict service account from direct interactive sessions

Environment: CentOS 7 I would like to have a solution where a service account can access a server in only these ways: ssh non-interactively via password or ssh key; that is, run commands or scripts (but running anything in /etc/shells will not be allowed) not ssh interactively regular... (2 Replies)
Discussion started by: bgstack15
2 Replies

LEARN ABOUT REDHAT

ssh-keysign

SSH-KEYSIGN(8)						    BSD System Manager's Manual 					    SSH-KEYSIGN(8)

NAME

     ssh-keysign -- ssh helper program for hostbased authentication

SYNOPSIS

     ssh-keysign

DESCRIPTION

     ssh-keysign is used by ssh(1) to access the local host keys and generate the digital signature required during hostbased authentication with
     SSH protocol version 2.

     ssh-keysign is disabled by default and can only be enabled in the the global client configuration file /etc/ssh/ssh_config by setting
     HostbasedAuthentication to ``yes''.

     ssh-keysign is not intended to be invoked by the user, but from ssh(1).  See ssh(1) and sshd(8) for more information about hostbased authen-
     tication.

FILES

     /etc/ssh/ssh_config
	     Controls whether ssh-keysign is enabled.

     /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
	     These files contain the private parts of the host keys used to generate the digital signature.  They should be owned by root, read-
	     able only by root, and not accessible to others.  Since they are readable only by root, ssh-keysign must be set-uid root if hostbased
	     authentication is used.

SEE ALSO

     ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)

AUTHORS

     Markus Friedl <markus@openbsd.org>

HISTORY

     ssh-keysign first appeared in OpenBSD 3.2.

BSD
								   May 24, 2002 							       BSD
All times are GMT -4. The time now is 05:30 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy