https://community.hpe.com/t5/operating-system-hp-ux/locking-root-access-using-ssh/m-p/4494655#M732918 Is there a file that I can create that blocks root access to the console when using SSH?<BR /><BR />I already have the /etc/securetty file on my UNIX system, however, it seems to only block root direct login using telnet.<BR /><BR /> Wed, 09 Sep 2009 19:48:56 GMT David Land 2009-09-09T19:48:56Z https://community.hpe.com/t5/operating-system-hp-ux/locking-root-access-using-ssh/m-p/4494655#M732918 Is there a file that I can create that blocks root access to the console when using SSH?<BR /><BR />I already have the /etc/securetty file on my UNIX system, however, it seems to only block root direct login using telnet.<BR /><BR /> Wed, 09 Sep 2009 19:48:56 GMT https://community.hpe.com/t5/operating-system-hp-ux/locking-root-access-using-ssh/m-p/4494655#M732918 David Land 2009-09-09T19:48:56Z https://community.hpe.com/t5/operating-system-hp-ux/locking-root-access-using-ssh/m-p/4494656#M732919 If you want to block root access via SSH overall, you should set<BR /><BR />PermitRootLogin No<BR /><BR />in your sshd_config file. The location of this file varies depending on your installation of SSH. This will disallow direct SSH to the server as the root user. Wed, 09 Sep 2009 19:53:22 GMT https://community.hpe.com/t5/operating-system-hp-ux/locking-root-access-using-ssh/m-p/4494656#M732919 Patrick Wallek 2009-09-09T19:53:22Z https://community.hpe.com/t5/operating-system-hp-ux/locking-root-access-using-ssh/m-p/4494657#M732920 I found my sshd_config file and uncommented the PermitRootLogin option and added No to it. However, I can still logon as root using SSH.<BR /><BR />Is there another reason why this is occuring? Wed, 09 Sep 2009 20:20:01 GMT https://community.hpe.com/t5/operating-system-hp-ux/locking-root-access-using-ssh/m-p/4494657#M732920 David Land 2009-09-09T20:20:01Z https://community.hpe.com/t5/operating-system-hp-ux/locking-root-access-using-ssh/m-p/4494658#M732921 You need to stop and restart SSH. Wed, 09 Sep 2009 20:27:21 GMT https://community.hpe.com/t5/operating-system-hp-ux/locking-root-access-using-ssh/m-p/4494658#M732921 Patrick Wallek 2009-09-09T20:27:21Z https://community.hpe.com/t5/operating-system-hp-ux/locking-root-access-using-ssh/m-p/4494659#M732922 You may not want to do this, as the console is your 'salvation' should a problem occur with an ssh session and he root account. I recognize auditors may feel this makes the system safer, but it depends on how you use ssh and how secure your DC is. The console access has saved us many times. Wed, 09 Sep 2009 22:42:44 GMT https://community.hpe.com/t5/operating-system-hp-ux/locking-root-access-using-ssh/m-p/4494659#M732922 Walt Watson 2009-09-09T22:42:44Z https://community.hpe.com/t5/operating-system-hp-ux/locking-root-access-using-ssh/m-p/4494660#M732923 How do you stop and restart SSH? Thu, 10 Sep 2009 12:41:04 GMT https://community.hpe.com/t5/operating-system-hp-ux/locking-root-access-using-ssh/m-p/4494660#M732923 David Land 2009-09-10T12:41:04Z https://community.hpe.com/t5/operating-system-hp-ux/locking-root-access-using-ssh/m-p/4494661#M732924 /sbin/init.d/secsh stop<BR />/sbin/init.d/secsh start Thu, 10 Sep 2009 12:46:32 GMT https://community.hpe.com/t5/operating-system-hp-ux/locking-root-access-using-ssh/m-p/4494661#M732924 Mel Burslan 2009-09-10T12:46:32Z