
Re: ssh cannot login only for root in trusted mode -root audit turn on.

 
Fauziah Mahdan
Super Advisor

ssh cannot login only for root in trusted mode -root audit turn on.

Hi all, I have an HP-UX 11.23 server with trusted mode turned on, and the audit log turned on only for the root ID.
The problem is I can log in through the console using the root ID but not through ssh and WinSCP.
Other users, like oracle, can log in through console and ssh.


Regards,
Fauziah Mahdan
Srikanth Arunachalam
Trusted Contributor

Re: ssh cannot login only for root in trusted mode -root audit turn on.

Hi,

Allowing ssh client to perform root privileged activity on remote server will defeat the purpose of advanced security feature in trusted server. There is no need to give the SSH client software any of root's special privileges.

You may refer to the below article if you still want to override.

http://www.snailbook.com/faq/trusted-host-howto.auto.html

Hope this helps.


Regards,
Srikanth
Fauziah Mahdan
Super Advisor

Re: ssh cannot login only for root in trusted mode -root audit turn on.

Is it? But according to the auditor, it is safer to use ssh instead of telnet?
Anshumali
Esteemed Contributor

Re: ssh cannot login only for root in trusted mode -root audit turn on.

Check your sshd_config at
/opt/ssh/etc/sshd_config
and look for PermitRootLogin No

You can change it to yes and you will have to get it re-read.

/sbin/init.d/secsh stop; /sbin/init.d/secsh start


Cheers!
Anshu
Dreams are not which you see while sleeping, Dreams are which doesn't allow you to sleep while you are chasing for them!!
Roberto Arias
Valued Contributor

Re: ssh cannot login only for root in trusted mode -root audit turn on.

Hello Fauziah:

Please check if your root account is disabled, and then you can connect by console only.

best regards
The man is your friend
Tim Nelson
Honored Contributor

Re: ssh cannot login only for root in trusted mode -root audit turn on.

Keep in mind the console access runs a different login process, i.e. getty compared to telnetd, sshd, etc.

The configurations and restrictions are different.

getty process running on the console
1) there are no user based restrictions other than any that could be placed in /etc/passwd or profiles.

Telnet
1) /etc/securetty restricts direct login as root to console only

ssh
1) root access can be restricted in /opt/ssh/etc/sshd_config. This covers all sshd processes, i.e. ssh and scp and sftp.

ftp
1) /etc/ftpd/ftpusers can be configured to restrict root ftp access.

You will need to review all these configurations depending on what method you are using to access the system.
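
The per-method checks listed in the reply above, collected into one script. This is an added example, not part of any post in the thread; the function names are hypothetical, and the default paths are the ones the replies mention (override them through the environment on other layouts).

```sh
#!/bin/sh
# Added example: where is direct root login restricted, per access method?
# Default paths are the ones named in the thread; override via environment.
SSHD_CONFIG=${SSHD_CONFIG:-/opt/ssh/etc/sshd_config}
SECURETTY=${SECURETTY:-/etc/securetty}
FTPUSERS=${FTPUSERS:-/etc/ftpd/ftpusers}

# sshd honours the first uncommented occurrence of a keyword (matched
# case-insensitively). Settings after a Match line are conditional, so the
# scan stops there. Prints "unset" when the built-in default applies.
sshd_root_login() {
    [ -r "$1" ] || { echo "unreadable"; return; }
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# telnet/login: with a securetty file, root may log in directly only on
# the terminals it lists; without the file there is no such limit.
telnet_root_login() {
    [ -f "$1" ] || { echo "unrestricted"; return; }
    echo "limited to: $(awk 'NF { printf "%s%s", sep, $1; sep = "," }' "$1")"
}

# ftpd: an account listed in ftpusers is refused; "#" lines never match.
ftp_root_login() {
    [ -f "$1" ] || { echo "allowed"; return; }
    if awk '$1 == "root" { hit = 1 } END { exit !hit }' "$1"; then
        echo "denied"
    else
        echo "allowed"
    fi
}

root_login_report() {
    echo "ssh/scp/sftp PermitRootLogin: $(sshd_root_login "$SSHD_CONFIG")"
    echo "telnet root login:            $(telnet_root_login "$SECURETTY")"
    echo "ftp root login:               $(ftp_root_login "$FTPUSERS")"
}

root_login_report
```

A result of `no` on the first line matches the symptom in the original question: console login works because getty does not read sshd_config, while ssh and WinSCP are refused.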