HPE Community
Operating System - HP-UX
1844255 Members
2943 Online
110230 Solutions
New Discussion

blocking root access from a telnet session

 
SOLVED
Go to solution
Bob_16
Frequent Advisor

‎10-23-2002 03:51 PM

‎10-23-2002 03:51 PM

blocking root access from a telnet session

i want to block root access from a telnet session. the admin must be at the console to login directly as root. however i want to telnet with a valid username, then execute su to root when needed.

is there a console=/dev/console parameter i could set for this?

thanks
0 Kudos
Reply
5 REPLIES 5
Jeff Schussele
Honored Contributor

‎10-23-2002 03:58 PM

‎10-23-2002 03:58 PM

Solution

Re: blocking root access from a telnet session

Hi Bobby,

Create a file in /etc called

securetty

And in that file place the word

console

And only that word.
Then set perms on /etc/securetty to

-r--r--r-- root:sys

This will allow root logins ONLY from the console

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Reply
Michael Tully
Honored Contributor

‎10-23-2002 04:03 PM

‎10-23-2002 04:03 PM

Re: blocking root access from a telnet session

Sorry, the permissions should be '400' we don't want write permissions, and only 'root' should be able to read it.
Anyone for a Mutiny ?
0 Kudos
Reply
Michael Tully
Honored Contributor

‎10-23-2002 04:05 PM

‎10-23-2002 04:05 PM

Re: blocking root access from a telnet session

Hi,

What your looking for is to have root only login directly from the console.

# echo "console" >>/etc/securetty; chmod 700 /etc/securetty ; chown root:sys /etc/securetty

You might wish to invest some time into installing 'sudo' as well. You can get it from here: http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.6/

HTH
Michael
Anyone for a Mutiny ?
Reply
Bob_16
Frequent Advisor

‎10-23-2002 04:22 PM

‎10-23-2002 04:22 PM

Re: blocking root access from a telnet session

thanks! for the quick response, that's amazing.

i've set this up on a test box, and it does what i want. too bad hp-ux doesn't convey a message like solaris stating you are not at a console, but i can live with that.

thanks again.
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎10-23-2002 04:39 PM

‎10-23-2002 04:39 PM

Re: blocking root access from a telnet session

That's amazing Michael!
You corrected yourself before you even answered =~)

Hee..hee..hee,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.