Andy Wu_2
Occasional Contributor

Disable root telnet access

How do I disable root telnet access in HPUX 11i?

Is there a similar file like securettys for Tru64 to disable root telnet access?

Thanks
Andy
If your mind isn't open, keep your mouth shut too
David Child_1
Honored Contributor

Re: Disable root telnet access

Andy, yes there is:

just enter 'console' in /etc/securetty and root will not be able to telnet to the server.

David
Patrick Wallek
Honored Contributor

Re: Disable root telnet access

Yes, there is. Create a file called /etc/securetty and put the word console in it.

# cat /etc/securetty
console

That will prevent root logging in directly from anywhere but the console. It will allow you to log in via telnet as a regular user and, if you know the root password, do a 'su -' to get to root.
John Poff
Honored Contributor

Re: Disable root telnet access

Hi Andy,

You can create a file named /etc/securetty in HP-UX and put the valid ttys where root can log in from. Normally you will just put in 'console' and then root can only log in at the console.

See the man page for 'login' for more information about securetty.

JP
S.K. Chan
Honored Contributor

Re: Disable root telnet access

Simply create a file called /etc/securetty (perm=440) and put the line
console
in it. That would ONLY allow root login from the console.
Andy Wu_2
Occasional Contributor

Re: Disable root telnet access

David,

Duh... Thinking that if the file wasn't there, it couldn't be done that way.

Thanks for the quick reply!!

Andy
If your mind isn't open, keep your mouth shut too
Bill Hassell
Honored Contributor

Re: Disable root telnet access

One additional 'feature' for securetty: if the file is empty, then no one can log in as root through any channel (LAN, serial, modem, etc). Pretty secure, eh? Actually, this is a useful setting... any user can use su to become root, thus requiring two successful logins to become root, and with sulog, a good audit trail of who, when and where su was run.


Bill Hassell, sysadmin
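
The following check is an added example, not part of the thread: a POSIX sh audit that classifies /etc/securetty into the states the replies describe (missing, empty, console only, other ttys listed) and compares its mode with the 440 suggested above. The function names are hypothetical, and treating a missing file as "root not restricted by tty" is an assumption based on login(1).

```shell
#!/bin/sh
# Added example: audit a securetty file. Function names are hypothetical.
# Usage after sourcing or pasting: securetty_report [path]

# Print one of: missing, unreadable, empty, console-only, other-ttys
securetty_state() {
    f=${1:-/etc/securetty}
    if [ ! -f "$f" ]; then
        echo "missing"          # assumption per login(1): no tty restriction on root
        return 0
    fi
    if [ ! -r "$f" ]; then
        echo "unreadable"       # mode 440 means only owner/group can read it
        return 0
    fi
    # Trim whitespace and drop blank lines; what remains is the tty list.
    entries=$(sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$f")
    if [ -z "$entries" ]; then
        echo "empty"            # no direct root login on any channel; su only
    elif [ "$entries" = "console" ]; then
        echo "console-only"     # the setting recommended in the thread
    else
        echo "other-ttys"       # root may log in somewhere besides the console
    fi
}

# Succeed only if the file mode is 440 (the value suggested in the thread).
securetty_mode_ok() {
    # First 10 characters of the ls -l mode field, e.g. "-r--r-----"
    mode=$(ls -l "$1" | awk '{print substr($1, 1, 10)}')
    [ "$mode" = "-r--r-----" ]
}

# Human-readable summary of both checks.
securetty_report() {
    f=${1:-/etc/securetty}
    case $(securetty_state "$f") in
        missing)      echo "$f: missing, root login is not restricted by tty" ;;
        unreadable)   echo "$f: cannot read, rerun as root" ;;
        empty)        echo "$f: empty, no direct root login; su only" ;;
        console-only) echo "$f: root may log in at the console only" ;;
        other-ttys)   echo "$f: lists ttys besides console, review them" ;;
    esac
    if [ -f "$f" ] && ! securetty_mode_ok "$f"; then
        echo "$f: mode is not 440"
    fi
}
```

Run `securetty_report` as root on the host being checked; it only reads the file and changes nothing.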