Deny root remote login help


 
# 1  
Old 02-02-2007

I'm attempting to deny a user's ability to log in as root through any remote means, i.e. telnet or ssh. I've read most of the threads that I can find on this site and I've looked at BigAdmin on Sun's site. I have done what has been suggested here and on BigAdmin, which is to make sure that the line in the /etc/default/login file (CONSOLE=/dev/console) is uncommented. However, I'm still able to remotely log in to my machine through telnet and/or ssh. I have changed the file to both commented and uncommented and rebooted several times. Nothing seems to alter the behavior. Are there any other config files or conditions that might allow this activity?

I'm running Solaris 5.8 on a V240 Sun server.

Thanks.
# 2  
Old 02-02-2007
"However, I'm still able to remotely login to my machine through telnet and/or ssh."
What is that supposed to mean? The change you made should have fixed telnet. Did it? For ssh, put a DenyUsers line in sshd-config. Do a "man sshd-config" for details.
# 3  
Old 02-02-2007
telnet should be done with /etc/default/login, "# If CONSOLE is set, root can only login on that device." The ssh has its own config file, /etc/ssh/sshd_config; change that line to no "PermitRootLogin yes" and restart your sshd.

gP
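
An added example, not part of the original posts: a small shell audit of the two separate controls named in post #3, the CONSOLE line in /etc/default/login and PermitRootLogin in /etc/ssh/sshd_config. The function names and the sample files are constructed for illustration, and Match blocks in sshd_config are not evaluated.

```shell
#!/bin/sh
# Added example: audit the two separate controls discussed in this thread.
# On Solaris, replace awk with nawk or /usr/xpg4/bin/awk (needs sub/tolower).

# True if the login defaults file has an uncommented CONSOLE= line,
# which is what confines root logins (including telnet) to that device.
telnet_root_restricted() {
    grep '^CONSOLE=' "$1" >/dev/null 2>&1
}

# Print the first uncommented PermitRootLogin value (sshd uses the first
# occurrence of a keyword), lower-cased, or "unset" if there is none.
ssh_root_login_value() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1" 2>/dev/null
}

# Report both controls; return 0 only if both block remote root login.
audit_remote_root() {
    login_file=${1:-/etc/default/login}
    sshd_file=${2:-/etc/ssh/sshd_config}
    status=0
    if telnet_root_restricted "$login_file"; then
        echo "login/telnet: root confined to console ($login_file)"
    else
        echo "login/telnet: CONSOLE not set, remote root login possible"
        status=1
    fi
    value=`ssh_root_login_value "$sshd_file"`
    case $value in
        no)       echo "ssh: PermitRootLogin no" ;;
        unset|"") echo "ssh: PermitRootLogin unset, built-in default applies"
                  status=1 ;;
        *)        echo "ssh: PermitRootLogin $value, root login possible"
                  status=1 ;;
    esac
    return $status
}

# Constructed sample files (not from the thread), audited as a demonstration.
demo_dir=`mktemp -d`
printf 'CONSOLE=/dev/console\n' > "$demo_dir/login"
printf '#PermitRootLogin yes\nPermitRootLogin no\n' > "$demo_dir/sshd_config"
audit_remote_root "$demo_dir/login" "$demo_dir/sshd_config"
rm -rf "$demo_dir"
```

Called with no arguments, `audit_remote_root` reads the two paths named in the thread; a non-zero return means at least one of the two services still accepts root.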
# 4  
Old 02-02-2007
Thanks guys. I was getting confused between the two (ssh and telnet). I thought that the /etc/default/login file controlled both daemons. I changed the sshd_config file and it stopped ssh and /etc/default/login stopped the telnets.
# 5  
Old 11-04-2008
vi /etc/ssh/sshd_config

change .... " permit root login no(make it yes)

then svcadm restart svc:/network.ssh
# 6  
Old 11-04-2008
Quote:
Originally Posted by sourav_ray
vi /etc/ssh/sshd_config

change .... " permit root login no(make it yes)

then svcadm restart svc:/network.ssh
svcadm does not work for Solaris 8.
And gonzotonka, if you want to disable all users from using ssh/telnet/ftp, you might want to look into the /etc/services or /etc/inetd.conf file to comment out the lines with such services enabled and restart your inetd daemon.