cancel
Showing results for 
Search instead for 
Did you mean: 

how to root can not login...

SOLVED
Go to solution
mw_4
Frequent Advisor

how to root can not login...

Hi all

login problem..
I have ALZZA Linux on an i686.
I want to know how to block to login from root.
How many ways are there?
Any good tips are enough...
Step by step
10 REPLIES
Bill Douglass
Esteemed Contributor

Re: how to root can not login...

/etc/securetty defines which terminals root can log in from. If you want to restrict root to logging in from the system console (and it's generally a good idea to let root in on the console) then put

console

in the file. Delete any other entries, and root is restricted to that login only.

Also, you can restrict root from logging in via ssh by putting the following line in /etc/ssh/sshd_config:


PermitRootLogin no
mw_4
Frequent Advisor

Re: how to root can not login...

sorry..
root can still login.
securetty file has console
[root@ecdev /root]# cat /etc/securetty
console
what's wrong?
Step by step
Vitaly Karasik_1
Honored Contributor

Re: how to root can not login...

are you asking about blocking remote root's login or local login?
mw_4
Frequent Advisor

Re: how to root can not login...

I'm asking remote's root login
Step by step
Vitaly Karasik_1
Honored Contributor

Re: how to root can not login...

Hm... For remote telnet login

/etc/securetty does its job usually....

can you please send us your securetty?

Vitaly
mw_4
Frequent Advisor

Re: how to root can not login...

[root@ecdev /root]# cat /etc/securetty
console
Step by step
Vitaly Karasik_1
Honored Contributor
Solution

Re: how to root can not login...

what is ALZZA linux?

Do you have /etc/pam.d/login file and

auth required pam_securetty.so


inside?
Bill Douglass
Esteemed Contributor

Re: how to root can not login...

OK, what version of alzza linux are you running?

How is root logging in (telnet, ssh, rlogin)

What does the man page for securetty tell you (it should be short, so you can post the contents in your reply)
mw_4
Frequent Advisor

Re: how to root can not login...

of course..
[root@ecdev pam.d]# cat login
#%PAM-1.0
#auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_pwdb.so shadow nullok
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_pwdb.so
account #required /lib/security/pam_access.so
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_pwdb.so nullok use_authtok md5 shadow
session required /lib/security/pam_pwdb.so
session required /lib/security/pam_limits.so
session optional /lib/security/pam_console.so

it has the line #auth required /lib/security/pam_securetty.so
after uncommeted the line,
remote login(root) can not login...
thanks
Vitaly..
all of tips are helpful..
Step by step
Caesar_3
Esteemed Contributor

Re: how to root can not login...

Hello!

If you want to make your computer to be very secure, that root will do just what you will say he can do, to control about every move that made in the system you should download the NSA package and compile it intro your kernel.
The NSA give you a new view about security.
After the install you could make a root as an ordenary user, what you will say he will do, the other functions of root you could give to other user in the end you can give a few users but no of them is with root priv. as you know for now, every user could do his part of administration.

Caesar