- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- sshd and locked root account
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-10-2005 07:26 AM
тАО06-10-2005 07:26 AM
sshd and locked root account
I have HPUX B.11.11 (Trusted system) with HP-UX Secure Shell (T1471AA from hpux.connect.org.uk) installed.
This node is connected to Internet so people can connect with ssh to it.
And the root account is locked out all the time because of the script-kiddies, to run the sshd on another port is not an solution...
Does anyone know how to solve this?
Thank you for your response and help :-)
Important info:
uname -sr: HP-UX B.11.11
sshd -v: OpenSSH_4.1, OpenSSL 0.9.7e 25 Oct 2004
HP-UX Secure Shell-A.04.00.000, HP-UX Secure Shell version
/opt/ssh/etc/sshd_config: PermitRootLogin no
/etc/securetty: console
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-10-2005 07:45 AM
тАО06-10-2005 07:45 AM
Re: sshd and locked root account
By default ssh listens on 0.0.0.0 as in all interfaces.
#ListenAddress 0.0.0.0
ListenAddress 192.168.0.70
By adding this entry I was able to make it stop listening on the public internet NIC.
/sbin/init.d/secsh stop
/sbin/init.d/secsh start
If you only have one interface and its on the public Internet this solution will not work.
I did build a trigger program/daemon that stopped the script kiddies 95% of the time, but that wasn't good enough.
SEP
http://www.isnamerica.com/contactsep.shtml
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-10-2005 01:52 PM
тАО06-10-2005 01:52 PM
Re: sshd and locked root account
PermitRootLogin no
Then install and use sudo for all root activities. The sshd config prevents attempts to login as root from ever getting to a password request--thus, no failed login counts.
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-10-2005 02:15 PM
тАО06-10-2005 02:15 PM
Re: sshd and locked root account
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-19-2005 12:00 AM
тАО12-19-2005 12:00 AM
Re: sshd and locked root account
It is run every minute and checks if the account is locked or not.
And ofcourse! root is not allowed to login (but still he get his account locked, so it's not really a security issue, but it is strange).
Thank you all for your help.
Robert