Simpler Navigation for Servers and Operating Systems - Please Update Your Bookmarks
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
If you have bookmarked forums or discussion boards in Servers and Operating Systems, we suggest you check and update them as needed.
Security
cancel
Showing results for 
Search instead for 
Did you mean: 

root should login only through console.

SOLVED
Go to solution
vijay alur alur
Frequent Advisor

root should login only through console.

Hi,

 

i want to configure all my servers such that i cannot login to through root directly. only way login through root is by console. For achieving this i have made an entry in /etc/securetty file with the console written in it. But still i am able to login with root directly. is there anything more i need to do to achieve this?

 

 

Thanks,

Vijay

Lead Engineer, IMS.
iGATE
4 REPLIES
Patrick Wallek
Honored Contributor
Solution

Re: root should login only through console.

>>But still i am able to login with root directly.

 

How are you logging in?  Are you logging in via SSH, telnet, rlogin, X-Windows?

 

If you are using SSH then the /etc/securetty file is not used.  There is an option in ssh_config or sshd_config (I can't remember which one) called ALLOW_ROOT_LOGIN (or something similar).  If it is set to YES, change it to no and then restart SSH on the server.

vijay alur alur
Frequent Advisor

Re: root should login only through console.

yes, thanks.

i am loggin through SSH via putty.

 

that is /opt/ssh/et/sshd_config file and the parameter is permitRootLogin no.

 

Thanks,

Vijay

Lead Engineer, IMS.
iGATE

Re: root should login only through console.

Make sure you have enforcesecuretty set to yes in your sshd_config file.  See page 44:

 

http://bizsupport2.austin.hp.com/bc/docs/support/SupportManual/c03243765/c03243765.pdf

 

Highlighted
Patrick Wallek
Honored Contributor

Re: root should login only through console.


vijay alur alur wrote:

yes, thanks.

i am loggin through SSH via putty.

 

that is /opt/ssh/et/sshd_config file and the parameter is permitRootLogin no.

 

Thanks,

Vijay


Very good.  I was responding off-the-cuff without double-cheking the files themselves.  I'm glad you found what you needed.