Operating System - HP-UX

/etc/securetty file to limit access of root only to the console

 
EJ Stremler
Frequent Advisor

Is /etc/securetty the correct path for this file, owned by root with permissions 600? We need to limit root access via ssh from other systems. We want root to have access via the console only.
6 REPLIES
Rick Garland
Honored Contributor

Re: /etc/securetty file to limit access of root only to the console

The /etc/securetty file will allow direct root logins on the console if 'console' is specified in the securetty file. Users will still be able to su to the root account.

To prevent root from logging in via ssh, modify the sshd.config file and look for the 'PermitRootLogin' line. Change this to 'no'.

The location of the file is in /opt/ssh/etc if you installed the HP version of Secure Shell. If you have the SSL download version it could be elsewhere.

The newest version of HP's Secure Shell will honor the securetty file contents.
D Block 2
Respected Contributor

Re: /etc/securetty file to limit access of root only to the console

Ed,
try a: $ man login

Put "console" as the first entry in the securetty file. Test using another window and stay connected as root on your first window. Also, verify that you can get on the CONSOLE device via telnet to the GSP's IP address before writing this file out.

If using SSH, you might want to verify a test and you might have to update the SSH login definitions to only-ALLOW a set of login-names and Dis-ALLOW all others.

Golf is a Good Walk Spoiled, Mark Twain.
EJ Stremler
Frequent Advisor

Re: /etc/securetty file to limit access of root only to the console

I had updated the /opt/ssh/etc/sshd_config file to "PermitRootLogin no", and root is still able to get in via ssh. Do I need to stop and start the sshd?
Rick Garland
Honored Contributor

Re: /etc/securetty file to limit access of root only to the console

Yes - stop and restart the sshd process.

Paul Sperry
Honored Contributor

Re: /etc/securetty file to limit access of root only to the console

Ed,

Don't forget not to use # or @ in root's password. Otherwise root will not be able to log in at the console.
EJ Stremler
Frequent Advisor

Re: /etc/securetty file to limit access of root only to the console

Thank you all for your fine answers...
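
An added example, not written by any poster in this thread: a shell audit of the two settings discussed above, reporting the PermitRootLogin value that sshd would read from its config file and any problems with a securetty file meant to hold only the console entry. The function names are hypothetical, the default paths are the ones quoted in the thread, and the parser relies on sshd using the first value it finds for a keyword.

```shell
#!/bin/sh
# Added example: audit the two controls discussed in the thread.
# Function names are hypothetical; file paths are passed in as arguments.

# Print the PermitRootLogin value sshd would read from the global section
# of an sshd_config file. sshd keeps the first value it finds for a keyword
# and matches keywords case-insensitively. Prints "unset" if none is found.
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ { next }                  # skip comment lines
        { sub(/=/, " ") }                    # accept "Keyword=value" too
        tolower($1) == "match" { exit }      # stop at first Match block
        tolower($1) == "permitrootlogin" { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Print one line per problem with a securetty file that is meant to confine
# direct root logins to the console. No output means no problem was found.
securetty_problems() {
    file=$1 owner=${2:-root}
    [ -f "$file" ] || { echo "missing: $file"; return 0; }
    set -- $(ls -ld "$file")                 # $1 = mode string, $3 = owner
    [ "$3" = "$owner" ] || echo "owner is $3, expected $owner"
    case $1 in
        -rw-------*) ;;
        *) echo "mode is $1, expected -rw-------" ;;
    esac
    grep -qx 'console' "$file" || echo "no console entry"
    grep -v -x -e 'console' -e '[[:space:]]*' "$file" | sed 's/^/extra entry: /'
}

# "sh thisfile audit" checks the paths named in the thread.
if [ "${1:-}" = "audit" ]; then
    echo "PermitRootLogin: $(effective_permit_root_login /opt/ssh/etc/sshd_config)"
    securetty_problems /etc/securetty
fi
```

The script reads only what is on disk; as the replies above point out, a running sshd keeps its previous setting until it is stopped and restarted.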