HPE Community
Operating System - HP-UX
1828340 Members
3814 Online
109976 Solutions
New Discussion

Re: Deny ssh root logins, but allow ssh remote commands?

 
SOLVED
Go to solution
Keith Buck
Respected Contributor

‎01-21-2005 04:30 AM

‎01-21-2005 04:30 AM

Re: Deny ssh root logins, but allow ssh remote commands?

Gordon,

Having not experimented with this myself, I think that the commands you need to specify are your script names, not the commands that your scripts call. This should be easier to maintain.

Also, after you get the basics working, you may want to check out HP-UX RBAC (just released and not available on older OS streams, so this is a suggestion for the future) to try to divvy up your root responsibilities. That way you don't have to login as root to get many of your administrative tasks performed.


Hope that helps.
-Keith
0 Kudos
Gordon Morrison_1
Regular Advisor

‎01-25-2005 11:34 PM

‎01-25-2005 11:34 PM

Re: Deny ssh root logins, but allow ssh remote commands?

Thanks to all who replied. The solution I'm going with is PermitRootLogins forced-commands-only, and max points to everyone who suggested that (even if I didn't understand you at first) and double points to Ralph for re-inventing the wheel and making it work! (I call it a Mobile Load-Bearing Axle Extender Cap!)
It wasn't exactly what I wanted, but on reflection, ssh would be much less secure if it did what I wanted in this case. I'll just have to re-write my scripts to run locally via a remote call.
What does this button do?
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.