https://community.hpe.com/t5/operating-system-hp-ux/remote-root-login/m-p/4350877#M344801 You must create it.<BR /><BR />The easiest way:<BR /><BR /># echo console &gt; /etc/securetty Tue, 03 Feb 2009 20:25:37 GMT Patrick Wallek 2009-02-03T20:25:37Z https://community.hpe.com/t5/operating-system-hp-ux/remote-root-login/m-p/4350866#M344790 Hi,<BR /><BR />Can anbody tell me how to check remote root login enabled or not?<BR /><BR />In solaris we have /etc/default/login file.<BR />We have to uncomment the /dev/console field.<BR /><BR />Is ther any way to check the same in hp-ux?<BR /><BR />Regards,<BR /><BR /> Tue, 03 Feb 2009 19:11:27 GMT https://community.hpe.com/t5/operating-system-hp-ux/remote-root-login/m-p/4350866#M344790 himacs 2009-02-03T19:11:27Z https://community.hpe.com/t5/operating-system-hp-ux/remote-root-login/m-p/4350867#M344791 Shalom,<BR /><BR />This is somewhat dependent on connection protocol.<BR /><BR />ssh:<BR /><BR /><A href="http://docs.hp.com/en/5992-3387/ch05s06.html" target="_blank">http://docs.hp.com/en/5992-3387/ch05s06.html</A><BR /><BR />DCE<BR /><BR /><A href="http://docs.hp.com/en/5991-7712/ch02s04.html" target="_blank">http://docs.hp.com/en/5991-7712/ch02s04.html</A><BR /><BR />telnet et al<BR /><A href="http://docs.hp.com/en/5992-3387/ch05s01.html" target="_blank">http://docs.hp.com/en/5992-3387/ch05s01.html</A><BR /><BR />SEP Tue, 03 Feb 2009 19:20:36 GMT https://community.hpe.com/t5/operating-system-hp-ux/remote-root-login/m-p/4350867#M344791 Steven E. Protter 2009-02-03T19:20:36Z https://community.hpe.com/t5/operating-system-hp-ux/remote-root-login/m-p/4350868#M344792 For telnet the file is /etc/securetty. For ssh it is /opt/ssh/etc/sshd_conf. Tue, 03 Feb 2009 19:22:13 GMT https://community.hpe.com/t5/operating-system-hp-ux/remote-root-login/m-p/4350868#M344792 Tingli 2009-02-03T19:22:13Z https://community.hpe.com/t5/operating-system-hp-ux/remote-root-login/m-p/4350869#M344793 Hi guys<BR /><BR />I dont want to any user to use root account on the network.Only thro direct console only root should work.<BR /><BR />regards, Tue, 03 Feb 2009 19:25:55 GMT https://community.hpe.com/t5/operating-system-hp-ux/remote-root-login/m-p/4350869#M344793 himacs 2009-02-03T19:25:55Z https://community.hpe.com/t5/operating-system-hp-ux/remote-root-login/m-p/4350870#M344794 That is right. To block root login from non-console you need to:<BR />1) echo console &gt;&gt; /etc/securetty<BR />2) In file /etc/ssh/sshd_conf, you need to set "PermitRootLogin no" Tue, 03 Feb 2009 19:35:18 GMT https://community.hpe.com/t5/operating-system-hp-ux/remote-root-login/m-p/4350870#M344794 Tingli 2009-02-03T19:35:18Z https://community.hpe.com/t5/operating-system-hp-ux/remote-root-login/m-p/4350871#M344795 Sorry, the file sshd_conf is located in /opt/ssh/etc. Tue, 03 Feb 2009 19:37:27 GMT https://community.hpe.com/t5/operating-system-hp-ux/remote-root-login/m-p/4350871#M344795 Tingli 2009-02-03T19:37:27Z https://community.hpe.com/t5/operating-system-hp-ux/remote-root-login/m-p/4350872#M344796 Hi Tinqli,<BR /><BR />Thnks for the response.<BR /><BR />Can u please brief me about the <BR />echo console&gt;&gt;/etc/security.<BR /><BR />Regards, Tue, 03 Feb 2009 19:43:33 GMT https://community.hpe.com/t5/operating-system-hp-ux/remote-root-login/m-p/4350872#M344796 himacs 2009-02-03T19:43:33Z https://community.hpe.com/t5/operating-system-hp-ux/remote-root-login/m-p/4350873#M344797 Or you can edit the file /etc/securetty. And add a line "console" to the end of the file. Tue, 03 Feb 2009 19:50:32 GMT https://community.hpe.com/t5/operating-system-hp-ux/remote-root-login/m-p/4350873#M344797 Tingli 2009-02-03T19:50:32Z https://community.hpe.com/t5/operating-system-hp-ux/remote-root-login/m-p/4350874#M344798 Hi Tinqli,<BR /><BR />I didnot find any file named /etc/security and /etc/securetty.Is this default one or we need to create manually?<BR /><BR />Regards,<BR /><BR /> Tue, 03 Feb 2009 19:53:47 GMT https://community.hpe.com/t5/operating-system-hp-ux/remote-root-login/m-p/4350874#M344798 himacs 2009-02-03T19:53:47Z https://community.hpe.com/t5/operating-system-hp-ux/remote-root-login/m-p/4350875#M344799 Here is a link about it:<BR /> <A href="http://forums11.itrc.hp.com/service/forums/questionanswer.do?admit=109447626+1233691010179+28353475&amp;threadId=1174327" target="_blank">http://forums11.itrc.hp.com/service/forums/questionanswer.do?admit=109447626+1233691010179+28353475&amp;threadId=1174327</A> Tue, 03 Feb 2009 19:58:09 GMT https://community.hpe.com/t5/operating-system-hp-ux/remote-root-login/m-p/4350875#M344799 Tingli 2009-02-03T19:58:09Z https://community.hpe.com/t5/operating-system-hp-ux/remote-root-login/m-p/4350876#M344800 Hi Tinqli,<BR /><BR />Thanks for ur timely response.<BR /><BR />As m new in hp-ux, i have some doubts.<BR /><BR />/etc/securetty file is default one or manually we need to create?<BR /><BR />becuase i didnot find the same in my system.<BR /><BR />regards,<BR /> Tue, 03 Feb 2009 20:12:39 GMT https://community.hpe.com/t5/operating-system-hp-ux/remote-root-login/m-p/4350876#M344800 himacs 2009-02-03T20:12:39Z https://community.hpe.com/t5/operating-system-hp-ux/remote-root-login/m-p/4350877#M344801 You must create it.<BR /><BR />The easiest way:<BR /><BR /># echo console &gt; /etc/securetty Tue, 03 Feb 2009 20:25:37 GMT https://community.hpe.com/t5/operating-system-hp-ux/remote-root-login/m-p/4350877#M344801 Patrick Wallek 2009-02-03T20:25:37Z https://community.hpe.com/t5/operating-system-hp-ux/remote-root-login/m-p/4350878#M344802 Hi Himacs ,<BR /><BR /> Through /etc/securetty and /opt/ssh/etc/sshd_conf , you can rstrict direct root login to the server.But at the same time any user can login with his username and switch to root (su -)....<BR /><BR /> To prevent this you have to add an entry in /etc/default/security file . ie<BR /><BR />SU_ROOT_GROUP=group<BR /><BR /> Now users attempting to su to root must be a memeber of this group .<BR /><BR />Thanks<BR /> Wed, 04 Feb 2009 07:57:51 GMT https://community.hpe.com/t5/operating-system-hp-ux/remote-root-login/m-p/4350878#M344802 Sani 2009-02-04T07:57:51Z