https://community.hpe.com/t5/operating-system-hp-ux/disable-root-telnet-access/m-p/2973503#M120902 Andy, yes there is:<BR /><BR />just enter 'console' in /etc/securetty and root will not be able to telnet to the server.<BR /><BR />David Wed, 14 May 2003 17:26:43 GMT David Child_1 2003-05-14T17:26:43Z https://community.hpe.com/t5/operating-system-hp-ux/disable-root-telnet-access/m-p/2973502#M120901 How do I disable root telnet access in HPUX 11i?<BR /><BR />Is there a similar file like securettys for True64 to disable root telnet access?<BR /><BR />Thanks<BR />Andy Wed, 14 May 2003 17:24:42 GMT https://community.hpe.com/t5/operating-system-hp-ux/disable-root-telnet-access/m-p/2973502#M120901 Andy Wu_2 2003-05-14T17:24:42Z https://community.hpe.com/t5/operating-system-hp-ux/disable-root-telnet-access/m-p/2973503#M120902 Andy, yes there is:<BR /><BR />just enter 'console' in /etc/securetty and root will not be able to telnet to the server.<BR /><BR />David Wed, 14 May 2003 17:26:43 GMT https://community.hpe.com/t5/operating-system-hp-ux/disable-root-telnet-access/m-p/2973503#M120902 David Child_1 2003-05-14T17:26:43Z https://community.hpe.com/t5/operating-system-hp-ux/disable-root-telnet-access/m-p/2973504#M120903 Yes, there is. Create a file called /etc/securetty and put the word console in it.<BR /><BR /># cat /etc/securetty<BR />console<BR /><BR />That will prevent root logging in directly from anywhere but the console. It will allow you to log in via telnet as a regular user and, if you know the root password, do a 'su -' to get to root. Wed, 14 May 2003 17:27:39 GMT https://community.hpe.com/t5/operating-system-hp-ux/disable-root-telnet-access/m-p/2973504#M120903 Patrick Wallek 2003-05-14T17:27:39Z https://community.hpe.com/t5/operating-system-hp-ux/disable-root-telnet-access/m-p/2973505#M120904 Hi Andy,<BR /><BR />You can create a file named /etc/securetty in HP-UX and put the valid ttys where root can login from. Normally you will just put in 'console' and then root can only login at the console.<BR /><BR />See the man page for 'login' for more information about securetty.<BR /><BR />JP<BR /> Wed, 14 May 2003 17:28:01 GMT https://community.hpe.com/t5/operating-system-hp-ux/disable-root-telnet-access/m-p/2973505#M120904 John Poff 2003-05-14T17:28:01Z https://community.hpe.com/t5/operating-system-hp-ux/disable-root-telnet-access/m-p/2973506#M120905 Simply create a file called /etc/securetty (perm=440) and put the line<BR />console<BR />in it. That would ONLY allow root login from the console. Wed, 14 May 2003 17:28:13 GMT https://community.hpe.com/t5/operating-system-hp-ux/disable-root-telnet-access/m-p/2973506#M120905 S.K. Chan 2003-05-14T17:28:13Z https://community.hpe.com/t5/operating-system-hp-ux/disable-root-telnet-access/m-p/2973507#M120906 David,<BR /><BR />Duh... Thinking that if the file wasn't there, it couldn't be done that way.<BR /><BR />Thanks for the quick reply!!<BR /><BR />Andy Wed, 14 May 2003 17:35:22 GMT https://community.hpe.com/t5/operating-system-hp-ux/disable-root-telnet-access/m-p/2973507#M120906 Andy Wu_2 2003-05-14T17:35:22Z https://community.hpe.com/t5/operating-system-hp-ux/disable-root-telnet-access/m-p/2973508#M120907 One additional 'feature' for securetty: if the file is empty, then no one can login as root through any channel (LAN, serial, modem, etc). Pretty secure, eh? Actually, this is a useful setting...any user can use su to become root, thus requiring two successful logins to become root, and with sulog, a good audit trail of who, when and where su was run. Wed, 14 May 2003 22:55:25 GMT https://community.hpe.com/t5/operating-system-hp-ux/disable-root-telnet-access/m-p/2973508#M120907 Bill Hassell 2003-05-14T22:55:25Z