https://community.hpe.com/t5/operating-system-hp-ux/after-setup-etc-securetty-file-generating-message/m-p/4448722#M358385 The standard /usr/bin/login does not have the facilities to create customized rejection messages.<BR /><BR />Instead, you might use /etc/issue (for serial-attached terminals) or banner files (for network connections; see the man page of your network connection server daemon) to announce this to *everyone* logging in.<BR /><BR />If the server knows in advance that an authentication attempt is inevitably going to fail (i.e. the user chose the username "root"), it is more secure to allow the user to go through the motions of the standard authentication procedure and *then* kick the user out, *without* telling him/her exactly what was wrong. <BR /><BR />This way a potential intruder cannot gather information on what is allowed and what isn't, and may spend some time making useless attempts. That allows the sysadmin more time and evidence to detect the intrusion attempt.<BR /><BR />MK Mon, 29 Jun 2009 09:20:33 GMT Matti_Kurkela 2009-06-29T09:20:33Z https://community.hpe.com/t5/operating-system-hp-ux/after-setup-etc-securetty-file-generating-message/m-p/4448721#M358384 I setup /etc/securetty file to inhibit access as root user. <BR /><BR />I want to generate information message when the user try to login with root user.<BR /><BR />It's just a sample message.<BR />"The root user is prohobited to login.<BR />You must login with other users."<BR /><BR />How can I generate above message?<BR />Thanks in advance. Mon, 29 Jun 2009 01:16:39 GMT https://community.hpe.com/t5/operating-system-hp-ux/after-setup-etc-securetty-file-generating-message/m-p/4448721#M358384 Byun Hee Joong 2009-06-29T01:16:39Z https://community.hpe.com/t5/operating-system-hp-ux/after-setup-etc-securetty-file-generating-message/m-p/4448722#M358385 The standard /usr/bin/login does not have the facilities to create customized rejection messages.<BR /><BR />Instead, you might use /etc/issue (for serial-attached terminals) or banner files (for network connections; see the man page of your network connection server daemon) to announce this to *everyone* logging in.<BR /><BR />If the server knows in advance that an authentication attempt is inevitably going to fail (i.e. the user chose the username "root"), it is more secure to allow the user to go through the motions of the standard authentication procedure and *then* kick the user out, *without* telling him/her exactly what was wrong. <BR /><BR />This way a potential intruder cannot gather information on what is allowed and what isn't, and may spend some time making useless attempts. That allows the sysadmin more time and evidence to detect the intrusion attempt.<BR /><BR />MK Mon, 29 Jun 2009 09:20:33 GMT https://community.hpe.com/t5/operating-system-hp-ux/after-setup-etc-securetty-file-generating-message/m-p/4448722#M358385 Matti_Kurkela 2009-06-29T09:20:33Z https://community.hpe.com/t5/operating-system-hp-ux/after-setup-etc-securetty-file-generating-message/m-p/4448723#M358386 Shalom,<BR /><BR />I would use /etc/issue as well.<BR /><BR />Or not use /etc/securetty and build some code into /etc/profile to display the message.<BR /><BR />/etc/issue and your current changes is the most secure way to prevent direct root login.<BR /><BR />You might also try public key only ssh login for root, it is very secure and convenient for administrators.<BR /><BR /><A href="http://www.hpux.ws/?p=19" target="_blank">http://www.hpux.ws/?p=19</A><BR /><BR />SEP Mon, 29 Jun 2009 09:46:15 GMT https://community.hpe.com/t5/operating-system-hp-ux/after-setup-etc-securetty-file-generating-message/m-p/4448723#M358386 Steven E. Protter 2009-06-29T09:46:15Z