https://community.hpe.com/t5/operating-system-hp-ux/etc-securetty/m-p/3859543#M276489 Hmorrison,<BR /><BR />Also please do not forget to assign points to people that is taking their time to help you out.<BR /><BR /><A href="http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1058052" target="_blank">http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1058052</A><BR /><BR />7 points to 61 responses.<BR /><BR />Regards,<BR /><BR />Jaime. Fri, 08 Sep 2006 12:10:33 GMT Jaime Bolanos Rojas. 2006-09-08T12:10:33Z https://community.hpe.com/t5/operating-system-hp-ux/etc-securetty/m-p/3859537#M276483 I was wondering if the etc/securetty file contains anything else besides the list of valid ttys for root login. Also, does it mean that if this file does not exist , root can be accessed from anywhere, providing the password is known? Fri, 08 Sep 2006 11:51:17 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-securetty/m-p/3859537#M276483 hmorrison 2006-09-08T11:51:17Z https://community.hpe.com/t5/operating-system-hp-ux/etc-securetty/m-p/3859538#M276484 No, the /etc/securetty file shoud NOT contain anything other than the list of tty's root can log in from.<BR /><BR />Yes, if the file does not exist then root can log in from anywhere.<BR /> Fri, 08 Sep 2006 11:58:45 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-securetty/m-p/3859538#M276484 Patrick Wallek 2006-09-08T11:58:45Z https://community.hpe.com/t5/operating-system-hp-ux/etc-securetty/m-p/3859539#M276485 Hi,<BR /><BR />All correct, with the only difference that if present, that doesnt mean root cannot access other than...<BR />Understand it is not valid for X windows... (CDE environment)<BR /><BR /><BR />All the best<BR />Victor Fri, 08 Sep 2006 12:00:17 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-securetty/m-p/3859539#M276485 Victor BERRIDGE 2006-09-08T12:00:17Z https://community.hpe.com/t5/operating-system-hp-ux/etc-securetty/m-p/3859540#M276486 Oops -- too quick on the submit.<BR /><BR />That is why it is recommended that the /etc/securetty file contain a single word: console<BR /><BR />That way root can only log in directly from /dev/console, the direct attached console or a web console.<BR /><BR />Another thing to think about though is SSH access. Unless your ssh.conf and/or sshd.conf (I can't quite remember) is configured correctly, then root can SSH from one machine to another. Have a look at the ssh.conf and sshd.conf man pages for information on how to restrict that. Fri, 08 Sep 2006 12:01:17 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-securetty/m-p/3859540#M276486 Patrick Wallek 2006-09-08T12:01:17Z https://community.hpe.com/t5/operating-system-hp-ux/etc-securetty/m-p/3859541#M276487 Hmorrison,<BR /><BR />From the login man page:<BR /><BR />"If the /etc/securetty file is present, login security is in effect, i.e., root is allowed to log in successfully only on the ttys listed in this file. Restricted ttys are listed by device name, one per line. Valid tty names are dependent on the installation. An example is <BR /><BR />console<BR />tty01<BR />ttya1<BR />etc.<BR /><BR />Note that this feature does not inhibit a normal user from using the su command"<BR /><BR />Regards,<BR /><BR />Jaime<BR /> Fri, 08 Sep 2006 12:07:15 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-securetty/m-p/3859541#M276487 Jaime Bolanos Rojas. 2006-09-08T12:07:15Z https://community.hpe.com/t5/operating-system-hp-ux/etc-securetty/m-p/3859542#M276488 check sshd_config for the following line<BR /><BR />#PermitRootLogin no<BR /><BR />If it says uncommented and "yes" then root can login through ssh. Fri, 08 Sep 2006 12:09:31 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-securetty/m-p/3859542#M276488 IT_2007 2006-09-08T12:09:31Z https://community.hpe.com/t5/operating-system-hp-ux/etc-securetty/m-p/3859543#M276489 Hmorrison,<BR /><BR />Also please do not forget to assign points to people that is taking their time to help you out.<BR /><BR /><A href="http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1058052" target="_blank">http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1058052</A><BR /><BR />7 points to 61 responses.<BR /><BR />Regards,<BR /><BR />Jaime. Fri, 08 Sep 2006 12:10:33 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-securetty/m-p/3859543#M276489 Jaime Bolanos Rojas. 2006-09-08T12:10:33Z