HPE Community
Operating System - HP-UX
1832993 Members
2804 Online
110048 Solutions
New Discussion

Re: Disable root telnet

 
Raghuram Ollakal_1
Advisor

‎04-30-2003 05:50 AM

‎04-30-2003 05:50 AM

Disable root telnet

I would like to know is there a way in HPUX you can disable root to telnet to the server. I know sun solaris under " /etc/default/login" you can block root telnet to the server.
no personal quote
0 Kudos
Reply
6 REPLIES 6
John Poff
Honored Contributor

‎04-30-2003 05:52 AM

‎04-30-2003 05:52 AM

Re: Disable root telnet

Hi,

You can put an entry in the /etc/securetty file so that root can only login at the console. Everybody else will have to login under another account and su to root. Just put this:

console

in /etc/securetty and you'll be set.

JP
0 Kudos
Reply
Raghuram Ollakal_1
Advisor

‎04-30-2003 06:29 AM

‎04-30-2003 06:29 AM

Re: Disable root telnet

I was not able to see a file " etc/securitty" on my server. even I did a " find / - name securitty -print" comes up empty. Could you check and make sure that is the right file, please.
no personal quote
0 Kudos
Reply
John Poff
Honored Contributor

‎04-30-2003 06:32 AM

‎04-30-2003 06:32 AM

Re: Disable root telnet

Sorry. My explanation wasn't real clear. You might not have an /etc/securetty file on your system. The file isn't there by default. You can just create one and just put the word 'console' in it to restrict root logins to the console.

Take a look at 'man login' and it will explain a little more about the securetty file.

JP
0 Kudos
Reply
Michael Steele_2
Honored Contributor

‎04-30-2003 06:35 AM

‎04-30-2003 06:35 AM

Re: Disable root telnet

As Mr. Poff stated, use /etc/securetty. If not present, make one.

vi /etc/securetty
console

chmod 440 /etc/securetty (* make it read only *)

From the man page for 'login':

"...If the /etc/securetty file is present, login security is in effect, i.e., root is allowed to log in successfully only on the ttys listed in this file. Restricted ttys are listed by device name, one per line. Valid tty names are dependent on the installation. An example is

console..."

http://docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B9106-90007/B9106-90007_top.html&con=/hpux/onlinedocs/B9106-90007/00/01/177-con.html&toc=/hpux/onlinedocs/B9106-90007/00/01/177-toc.html&searchterms=login%7c/etc/securetty&queryid=20030430-083357

Support Fatherhood - Stop Family Law
0 Kudos
Reply
John Poff
Honored Contributor

‎04-30-2003 06:35 AM

‎04-30-2003 06:35 AM

Re: Disable root telnet

Also, it might just be a typo, but in your post you spelled it "securitty" instead of "securetty".

JP
0 Kudos
Reply
Uday_S_Ankolekar
Honored Contributor

‎04-30-2003 06:40 AM

‎04-30-2003 06:40 AM

Re: Disable root telnet

create a file in /etc called "securetty"
and put an entry called "console"

This will allow root access only from console and rest all the telnet sessions need to login as own user id then do a su to access superuser

-USA..
Good Luck..
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.