Operating System - Tru64 Unix
1748259 Members
4022 Online
108760 Solutions
New Discussion юеВ

Re: Tru64 PK6 enhanced security config

 
Rakesh Jha_1
Advisor

Tru64 PK6 enhanced security config

Recently we installed Tru64 V5.1B-4 (PK6). I have confiured enhanced secuirty using defualts. After configuring this can not login through ssh.
After configuring security I created two users and tested them ok on console but I cannot log with these user IDs through ssh (telnet is disabled). Now when cosole locked after long inactivity. Now I am unable to login. Console does not accept the root password.
Any solution? We faced no such issue when we configurred C2 security with V5.1B-3.
4 REPLIES 4
Ivan Ferreira
Honored Contributor

Re: Tru64 PK6 enhanced security config

I had a similar problem once when I configured Enhanced Security but the system was not rebooted, you should reboot the system or you will have this kind of problems.

You could restart the ssh daemon by running:

/sbin/init.d/sshd stop
/sbin/init.d/sshd start

That should make at least SSH work.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Ann Majeske
Honored Contributor

Re: Tru64 PK6 enhanced security config

Ivan is correct, rebooting is a requirement when you change the Security mode (Base->Enhanced or Enhanced->Base). This is because applications and daemons that are not restarted will be looking for your authentication information in the wrong place and trying to do the authentication using the wrong mode.

Ann
Rakesh Jha_1
Advisor

Re: Tru64 PK6 enhanced security config

Thanks.
After I rebooted I could login through ssh. But root login over ssh was still not possible until I modified /etc/securettys like we used to it for root login over telnet.
Is it necessary or there is other way of allowing root over ssh.

In V5.1B-3 root login over ssh was allowed without modification of /etc/securettys.
Exequiel
New Member

Re: Tru64 PK6 enhanced security config

Rakesh, you may see the sshd_config man page. There is an option that allows root logins. It's AlowRootLogin yes.
I hope this would help.