|
|
Sponsored Content
Operating Systems
Solaris
Remote ssh login as root
Post 76669 by 98_1LE on Wednesday 29th of June 2005 04:00:15 PM
06-29-2005
|
|
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Hi:
I have been given the responsibility of administering AIX 3.1 machine in my lab recently. And, I am having trouble logging on to the machine using SSH through windous systems. Thus, now no one is able to access it!!
The following error message is displayed when I tried to login:
"The... (3 Replies)
Discussion started by: pdepa
3 Replies
2. AIX
Hello!
I'm going through security checklist for AIX 5.3 and i just can't disable remote login for root through ssh.
What i did:
- in /etc/security/user i added a line:
rlogin = false
which works fine when i try to login through telnet
- after installation of openSSH i edited... (3 Replies)
Discussion started by: veccinho
3 Replies
3. Shell Programming and Scripting
Hi ,
I need to login to remotemachines through ssh and move some logfiles to my localmachine. My servername,username and password will be store in the .profile file. can any one please help me in this?
This will be a cronjob so Password can't be enter at run time.
Thanks in advance
Subin (5 Replies)
Discussion started by: subin_bala
5 Replies
4. Solaris
I'm attempting to deny a user's ability to login as root through any remote means - ie telnet or ssh. I've read most of the threads that I can find on this site and I've looked at BigAdmin on Sun's site. I have done what has been suggested here and on BigAdmin which is to make sure that the line... (5 Replies)
Discussion started by: gonzotonka
5 Replies
5. UNIX for Dummies Questions & Answers
Hello sir,
Im using ubuntu distro.
We all know that ssh is used for password less entry.So, I have the public key and the IP address and the username thats it. Now to login it to the system either I should have password or a private key.Now I have the blacklist of private/public keys. But I dont... (1 Reply)
Discussion started by: nsharath
1 Replies
6. Linux
Hi Guys....
I am a newbie to unix. I have a requirement. I have a server. I have to configure ssh to disable direct root login and then add a user with sudo access to this server.Then change the ssh port to 22315 and the server should permit the ssh only from my local machine ip.I also have to... (1 Reply)
Discussion started by: mahesh_raghu
1 Replies
7. Solaris
how to login with ssh to remote system with out applying the remote root/user password
with rlogin we can ujse .rhosts file
but with ssh howits possible
plz guide (2 Replies)
Discussion started by: tv.praveenkumar
2 Replies
8. UNIX for Dummies Questions & Answers
I have already disabled root login over the ssh by modifying /etc/ssh/sshd_config.
But how would i disable root login on a server itself.
We have implemented LDAP in our environment and our security guide states that root login must be obtained by first logging into the host using his/her own... (2 Replies)
Discussion started by: pinga123
2 Replies
9. AIX
i am in node acbs01b and i use the root@fcbs01b to login and i have the below message .
ssh root@fcbs01b
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT... (6 Replies)
Discussion started by: thecobra151
6 Replies
10. Shell Programming and Scripting
Hi Friends,
I am unable to run our application commands on remote server using ssh (passwordless login enabled). But the same command running with telent perl script. please suggest.
SSH:
C:/bin>ssh -l monitor tl04cp01 exec "/home/monitor/123"
/home/monitor/123: viewlog: not found.
... (7 Replies)
Discussion started by: suresh3566
7 Replies
LEARN ABOUT SUNOS
hosts.equiv
hosts.equiv(4) File Formats hosts.equiv(4) NAME
hosts.equiv, rhosts - trusted remote hosts and users DESCRIPTION
The /etc/hosts.equiv and .rhosts files provide the "remote authentication" database for rlogin(1), rsh(1), rcp(1), and rcmd(3SOCKET). The files specify remote hosts and users that are considered "trusted". Trusted users are allowed to access the local system without supply- ing a password. The library routine ruserok() (see rcmd(3SOCKET)) performs the authentication procedure for programs by using the /etc/hosts.equiv and .rhosts files. The /etc/hosts.equiv file applies to the entire system, while individual users can maintain their own .rhosts files in their home directories. These files bypass the standard password-based user authentication mechanism. To maintain system security, care must be taken in creating and maintaining these files. The remote authentication procedure determines whether a user from a remote host should be allowed to access the local system with the identity of a local user. This procedure first checks the /etc/hosts.equiv file and then checks the .rhosts file in the home directory of the local user who is requesting access. Entries in these files can be of two forms. Positive entries allow access, while negative entries deny access. The authentication succeeds when a matching positive entry is found. The procedure fails when the first matching nega- tive entry is found, or if no matching entries are found in either file. The order of entries is important. If the files contain both posi- tive and negative entries, the entry that appears first will prevail. The rsh(1) and rcp(1) programs fail if the remote authentication pro- cedure fails. The rlogin program falls back to the standard password-based login procedure if the remote authentication fails. Both files are formatted as a list of one-line entries. Each entry has the form: hostname [username] Hostnames must be the official name of the host, not one of its nicknames. Negative entries are differentiated from positive entries by a `-' character preceding either the hostname or username field. Positive Entries If the form: hostname is used, then users from the named host are trusted. That is, they may access the system with the same user name as they have on the remote system. This form may be used in both the /etc/hosts.equiv and .rhosts files. If the line is in the form: hostname username then the named user from the named host can access the system. This form may be used in individual .rhosts files to allow remote users to access the system as a different local user. If this form is used in the /etc/hosts.equiv file, the named remote user will be allowed to access the system as any local user. netgroup(4) can be used in either the hostname or username fields to match a number of hosts or users in one entry. The form: +@netgroup allows access from all hosts in the named netgroup. When used in the username field, netgroups allow a group of remote users to access the system as a particular local user. The form: hostname +@netgroup allows all of the users in the named netgroup from the named host to access the system as the local user. The form: +@netgroup1 +@netgroup2 allows the users in netgroup2 from the hosts in netgroup1 to access the system as the local user. The special character `+' can be used in place of either hostname or username to match any host or user. For example, the entry + will allow a user from any remote host to access the system with the same username. The entry + username will allow the named user from any remote host to access the system. The entry hostname + will allow any user from the named host to access the system as the local user. Negative Entries Negative entries are preceded by a `-' sign. The form: -hostname will disallow all access from the named host. The form: -@netgroup means that access is explicitly disallowed from all hosts in the named netgroup. The form: hostname -username disallows access by the named user only from the named host, while the form: + -@netgroup will disallow access by all of the users in the named netgroup from all hosts. Search Sequence To help maintain system security, the /etc/hosts.equiv file is not checked when access is being attempted for super-user. If the user attempting access is not the super-user, /etc/hosts.equiv is searched for lines of the form described above. Checks are made for lines in this file in the following order: 1. + 2. +@netgroup 3. -@netgroup 4. -hostname 5. hostname The user is granted access if a positive match occurrs. Negative entries apply only to /etc/hosts.equiv and may be overridden by subse- quent .rhosts entries. If no positive match occurred, the .rhosts file is then searched if the user attempting access maintains such a file. This file is searched whether or not the user attempting access is the super-user. As a security feature, the .rhosts file must be owned by the user who is attempting access. Checks are made for lines in .rhosts in the following order: 1. + 2. +@netgroup 3. -@netgroup 4. -hostname 5. hostname FILES
/etc/hosts.equiv system trusted hosts and users ~/.rhosts user's trusted hosts and users SEE ALSO
rcp(1), rlogin(1), rsh(1), rcmd(3SOCKET), hosts(4), netgroup(4), passwd(4) WARNINGS
Positive entries in /etc/hosts.equiv that include a username field (either an individual named user, a netgroup, or `+' sign) should be used with extreme caution. Because /etc/hosts.equiv applies system-wide, these entries allow one, or a group of, remote users to access the system as any local user. This can be a security hole. For example, because of the search sequence, an /etc/hosts.equiv file consist- ing of the entries + -hostxxx will not deny access to "hostxxx". SunOS 5.10 23 Jun 1997 hosts.equiv(4)