Security
Showing results for 
Search instead for 
Do you mean 

root should login only through console.

SOLVED
Go to Solution
Frequent Advisor

root should login only through console.

Hi,

 

i want to configure all my servers such that i cannot login to through root directly. only way login through root is by console. For achieving this i have made an entry in /etc/securetty file with the console written in it. But still i am able to login with root directly. is there anything more i need to do to achieve this?

 

 

Thanks,

Vijay

Lead Engineer, IMS.
iGATE
4 REPLIES
Honored Contributor Honored Contributor

Re: root should login only through console.

>>But still i am able to login with root directly.

 

How are you logging in?  Are you logging in via SSH, telnet, rlogin, X-Windows?

 

If you are using SSH then the /etc/securetty file is not used.  There is an option in ssh_config or sshd_config (I can't remember which one) called ALLOW_ROOT_LOGIN (or something similar).  If it is set to YES, change it to no and then restart SSH on the server.

Frequent Advisor

Re: root should login only through console.

yes, thanks.

i am loggin through SSH via putty.

 

that is /opt/ssh/et/sshd_config file and the parameter is permitRootLogin no.

 

Thanks,

Vijay

Lead Engineer, IMS.
iGATE

Re: root should login only through console.

Make sure you have enforcesecuretty set to yes in your sshd_config file.  See page 44:

 

http://bizsupport2.austin.hp.com/bc/docs/support/SupportManual/c03243765/c03243765.pdf

 

Honored Contributor Honored Contributor

Re: root should login only through console.


vijay alur alur wrote:

yes, thanks.

i am loggin through SSH via putty.

 

that is /opt/ssh/et/sshd_config file and the parameter is permitRootLogin no.

 

Thanks,

Vijay


Very good.  I was responding off-the-cuff without double-cheking the files themselves.  I'm glad you found what you needed.