Re: Allow login from Console only

Juliana Lee · ‎01-25-2001

Hello

I followed the following instruction:

# echo console >> /etc/securetty
# chmod 600 /etc/securetty

I couldn't telnet as root but could login as a normal user and "su" as root, however, I am still able to login as root from other terminal. What can I do to disable this?

Patrick Wallek · ‎01-25-2001

Here is an ll of my /etc/securetty file:

-r-sr-xr-x 1 root sys 8 Mar 11 1996 /etc/securetty

I don't know if this will make a difference or not, but it's worth a shot.

Dan Hetzel · ‎01-25-2001

Hi Juliana,

Make sure your /etc/securetty has one single line.

# echo console > /etc/securetty
# chown root:sys /etc/securetty
# chmod 644 /etc/securetty

This should prevent root logins from all terminals but the system console

Best regards,

Dan

Everybody knows at least one thing worth sharing -- mailto:dan.hetzel@wildcroft.com

Dan Hetzel · ‎01-25-2001

Hi Patrick,

I don't really understand the permissions of your /etc/securetty file.
It shouldn't be marked for execution and surely not SUID....

On all servers we have here it's set to
-rw-r--r-- root sys ........

All the best,

Dan

Everybody knows at least one thing worth sharing -- mailto:dan.hetzel@wildcroft.com

Juliana Lee · ‎01-25-2001

Thanks Guys, I did both of your suggestions

# ll /etc/securetty
-r-Sr-xr-x 1 root sys 8 Jan 25 10:49 /etc/securetty
# cat /etc/securetty
console

# chmod 644 /etc/securetty
# ll /etc/securetty
-rw-r--r-- 1 root sys 8 Jan 25 10:49 /etc/securetty

login and out again, I still can login as root.
I wonder if there is something to do with the dtterm! It seems that the file is not being read.

Dan Hetzel · ‎01-25-2001

Hi Juliana,

Are you using OpenSSH ?

In that case, set "PermitRootLogin no" in your sshd_config file and restart the SSH daemon.

Best regards,

Dan

Everybody knows at least one thing worth sharing -- mailto:dan.hetzel@wildcroft.com

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Allow login from Console only

Allow login from Console only