I can not access root user through LAN


 
# 1  
Old 03-17-2009

Dear,
I have installed Solaris 10 on a SUN V240.
After installation I can not access the system through the root user.
If I access the system through any other user it connects, but root is not connecting through LAN.
If I connect through SC and then access root through the console -f command, it also works.
Kindly help me in this regard.
# 2  
Old 03-17-2009
SSH probably has the option to allow root logins turned off. For OpenSSH, edit the config file (sshd_config somewhere below /etc), find the "PermitRootLogin" line, and set that option to yes. Reload the config and you should be good to go.
# 3  
Old 03-17-2009
By default, ssh disallows remote root login for security reasons. You should not enable it.
# 4  
Old 03-18-2009
Still I can not access root login through LAN. Following is the sshd_config file:

# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
#
# Configuration file for sshd(1m)
# Use is subject to license terms.ns supported
#
# ident "@(#)sshd_config 1.8 04/05/10 SMI"in this release of Solaris has support for major vers
#n
# Configuration file for sshd(1m)

# Protocol versions supportedcommended due to security wea
"sshd_config" 160 lines, 5206 characters
#
# The sshd shipped in this release of Solaris has support for major versionsvided to help sites
# 1 and 2. It is recommended due to security weaknesses in the v1 protocol
--More--(24%)
# that sites run only v2 if possible. Support ffu
# RSA and DSA keys for protocol v2 are created by /etc/init.d/sshd if they5%)tmp

# Uncomment ONLY ONE of the following Protocol statement
# do not already exist, RSA1 keys for protocol v1 are not automatically created.
# Only v2 (recommended)
data
Protocol 2vices los

# B

# Uncomment ONLY ONE of the following Protocol statements.
#Protocol 2,1
dev
--More--(30%)me

# Only v2 (recommended)nded) vol
Protocol 2Protocol 1

# Both v1 and v2 (not recommended) registered port number for ssh is
#Protocol 2,1

# Only v1 (not r
#e
# ident "@(#)sshd_config 1.8 04/05/10 SMI"
--More--(35%)

# IPv4 only
#
# Configuration file for sshd(1m)elit
--More--(36%)

# Protocol versions supported
ListenAddress ::e
#
--More--(20%)warding reboo
# The sshd shipped in this release of Solaris has support for major versionsk

# If port forwarding is enabled, specify if the server can bind to INA
# 1 and 2. It is recommended due to security weaknesses in the v1 protocol
# This allows the local port forwarding to work when connections

--More--(26%)t is assumed
# Only v2 (recommended)l do these (eg /etc/pro
Protocol 2

# Both v1 and v2 (not recommended) sfw
--Mo
#Protocol 2,1
Prin
--More--(30%)

# Kee

# Only v1 (not recommended) alive messages are sent to
#Protocol 1
defau

# Listen port (the IANA registered port number for ssh is 22)# See sshd(1) for detailed description of what this means.nt
--More--(31%) shutdown
Port 22

# The default listen address is all interfaces, this may need to be changedending keep alive messages to the server.
devlink.tab
# if you wish to restrict the interfaces sshd listens on for a multi homed host.facility and levelme_to_major smartca
SyslogFacility auth
# Multiple ListenAddress entries are allowed.e_to_sysnum

#
--More--(59%)
#
--More--(35%)n configurati

# IPv4 only nc
#ListenAddress 0.0.0.0vate key files
--More--(36%)

# IPv4 & IPv6
--More--(44%) nfs
GatewayPorts noap

# X11 tunneling optionsMore--(65%)ff
X11Forwarding yes,hmac-sha1,hmac-s
--More--(45%)5-96
X11DisplayOffset 10
flash
X11UseLocalhost yes server key sysde

# The maximum number of concurrent unauthenticated connections to sshd.erverKeyBits 768 sysevent
--More--(68%)

# sshd re
--More--(46%)key every Key
# start:rate:full see sshd(1) for more information.

#Banner /etc/issue

# Ensure secur

# Should sshd print the /etc/motd file and check for mail.
StrictModes yes
fsck
# On Solaris it is assumed that the login shell will do these (eg /etc/profile).
fsdb opasswd
--More--(77%)
--More--(52%)tion is disco
PrintMotd nop

# KeepAlive specifies whether keep alive messages are sent to the client.
ftpd orbitrc
LoginGraceTime 600
# See sshd(1) for detailed description of what this means._attr ttysrch
# Default is 6. Defa
--More--(54%) for MaxAuthT
# Note that the client may also be sending keep al


# Host private key filesss PAM_DISALLOW_NULL_AUT
# Must be on a local disk and readable only by the root user (root:sys 600).authenticate(3PAM).1.0 path_to_inst.old
PermitEmptyPasswords no
--More--(62%)

# To di
HostKey /etc/ssh/ssh_host_rsa_keys, change PasswordAuthentication
HostKey /etc/ssh/ssh_host_dsa_key
grpck

# Default Encryption algorithms and Message Authentication codes

--More--(89%)
# Use PAM via keyboard intera
#Ciphers aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc product-info v
# Depending on the setup of pam.conf(4) t
--More--(65%)tunneled clea
#MACS hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-

# The default is 1 hour (3600 seconds).
i
# Note that sshd uses
KeyRegenerationInterval 3600 root (or any other) user

# Ensure secure permissions on users .ssh directory. wtmpx
# maybe denied access by a PAM m
StrictModes yes of this settin

# Length of time in seconds before a client that hasn't completed
--More--(96%)
# Valid options are yes, without-pass
--More--(77%)
# authentication is disconnected.tRootLogin yes xpdfrc
# Default is 600 seconds. 0 means no bsystem

--More--(82%)config
# so
MaxAuthTries 6ds compatibility
MaxAuthTriesLog 3 security

--More--(83%)ey
# Are logins to accounts with empty passwords allowed.r use is not recommended and the functionality
--More--(83%)_config
# If PermitEmptyPasswords is no, pass PAM_DISALLOW_NULL_AUTHTOKrt for v1 protocol is removed.
# All rights reserved.
# to pam_authenticate(3PAM).Should sshd use .rhosts and
PermitEmptyPasswords yes authentication.

# To disable tunneled clear text passwords, change PasswordAuthentication to no.
RhostsAuthentication nonged in per-user config

# Rhosts RSA Auth
PasswordAuthentication yes


--More--(89%)

# Are root logins permitted using sshd.fault is yes
RSAAuthent
# Note that sshd uses pam_authenticate(3PAM) so the root (or any other) usernfig" 160 lines, 5204 charactersuthentication yes




# maybe denied access by a PAM module regardleMicrosystems,
# FallBackToR
# SSH protocol v1 specific options
#
# The following options only apply to the v1 protocol and provide
# some form of backwards compatibility with the very weak security
# of /usr/bin/rsh. Their use is not recommended and the functionality
# will be removed when support for v1 protocol is removed.

# Should sshd use .rhosts and .shosts for password less authentication.
IgnoreRhosts yes
RhostsAuthentication no

# Rhosts RSA Authentication
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts.
# If the user on the client side is not root then this won't work on
# Solaris since /usr/bin/ssh is not installed setuid.
RhostsRSAAuthentication no

# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication.
#IgnoreUserKnownHosts yes

# Is pure RSA authentication allowed.
# Default is yes
RSAAuthentication yes


Thanks for your kind help
# 5  
Old 03-18-2009
Hi,

I think you missed some lines in /etc/ssh/sshd_config.

Here you need to change (from 'no' to 'yes'):
# Are root logins permitted using sshd.
# Note that sshd uses pam_authenticate(3PAM) so the root (or any other) user
# maybe denied access by a PAM module regardless of this setting.
# Valid options are yes, without-password, no.
PermitRootLogin yes

*********************************************

If you are using telnet, then comment out the following line in /etc/default/login:

# If CONSOLE is set, root can only login on that device.
# Comment this line out to allow remote login by root.
#
#CONSOLE=/dev/console



Regards,


Shyju
# 6  
Old 03-18-2009
Hi
If you are logging in through SSH on Solaris, then it is not allowed to log in as root, because there is one parameter in the file /etc/ssh/sshd_config whose value we need to change.

The value of the parameter is
PermitRootLogin no

You have to change it to
PermitRootLogin yes

It is case sensitive, OK.

After editing the file you have to refresh the ssh service with the command

svcadm refresh ssh

You can give this command on a live server also, OK.

And if you log in through telnet, then
you have to change the parameter in /etc/default/login.

There is a variable CONSOLE:

CONSOLE=/dev/console


You have to put the # sign in front of the CONSOLE variable
and refresh the inetd service.

#CONSOLE=/dev/console




Thanks
Pravin
# 7  
Old 03-18-2009
You might want to consider changing:
PermitEmptyPasswords yes

to

PermitEmptyPasswords no

Assuming that things were not garbled in what was posted (which some of it is)...
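
The settings discussed in the replies above, as an added example that is not part of the thread: a shell audit that reports the effective PermitRootLogin and PermitEmptyPasswords values when a keyword appears more than once, and whether CONSOLE confines root to the console. It assumes OpenSSH parsing rules (case-insensitive keywords, first uncommented value wins); the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the two files discussed in this thread.
# Assumption: OpenSSH parsing rules; all file contents here are constructed samples.

# Print the effective value of an sshd_config keyword, or "unset".
sshd_effective() {  # $1 = config file, $2 = keyword
    awk -v kw="$2" '
        /^[ \t]*#/ || NF == 0 { next }                       # skip comments, blanks
        tolower($1) == tolower(kw) { print $2; found = 1; exit }  # first value wins
        END { if (!found) print "unset" }' "$1"
}

# True when an uncommented CONSOLE= line confines root logins to that device.
console_restricted() {  # $1 = login defaults file
    grep '^[[:space:]]*CONSOLE=' "$1" >/dev/null
}

# Print one WARN line per setting that widens remote access, then a summary.
audit_root_access() {  # $1 = sshd_config, $2 = login defaults file
    root=$(sshd_effective "$1" PermitRootLogin)
    empty=$(sshd_effective "$1" PermitEmptyPasswords)
    if [ "$root" = yes ]; then echo "WARN sshd: root logins are permitted"; fi
    if [ "$empty" = yes ]; then echo "WARN sshd: empty passwords are accepted"; fi
    if ! console_restricted "$2"; then echo "WARN login: CONSOLE is not set"; fi
    echo "PermitRootLogin=$root PermitEmptyPasswords=$empty"
}

# Constructed sample files: a duplicated keyword and a commented-out CONSOLE.
DEMO=$(mktemp -d)
cat > "$DEMO/sshd_config" <<'EOF'
# constructed sample, not the poster's file
Protocol 2
#PermitRootLogin no
permitrootlogin yes
PermitEmptyPasswords no
PermitEmptyPasswords yes
EOF
cat > "$DEMO/login" <<'EOF'
# constructed sample of /etc/default/login
#CONSOLE=/dev/console
EOF
audit_root_access "$DEMO/sshd_config" "$DEMO/login"
```

On a real host, pass /etc/ssh/sshd_config and /etc/default/login as the two arguments instead of the sample files.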