HPE Community
Operating System - HP-UX
1825766 Members
2127 Online
109687 Solutions
New Discussion

Re: no securetty in 11i version 2?

 
Christina Martin
Frequent Advisor

‎01-03-2006 08:18 AM

‎01-03-2006 08:18 AM

no securetty in 11i version 2?

just installed 11i version 2 (11.23) and tried to configure /etc/securetty on our system as we have on other 11 systems and there is no man entry for it and it doesn't seem to work?

Is /etc/securetty not an option with 11.23? or is it because we have SSH loaded?

Lisa
0 Kudos
Reply
6 REPLIES 6
James R. Ferguson
Acclaimed Contributor

‎01-03-2006 08:21 AM

‎01-03-2006 08:21 AM

Re: no securetty in 11i version 2?

Hi Lisa:

While I don't have 11.23 running, there *are* manpages describing it --- the referenece to '/etc/securetty' is (has always been) in 'login(1)' however.

http://docs.hp.com/en/B2355-60105/login.1.html

Regards!

...JRF...
0 Kudos
Reply
Sanjay_6
Honored Contributor

‎01-03-2006 08:22 AM

‎01-03-2006 08:22 AM

Re: no securetty in 11i version 2?

Hi Lisa,

It works just like it did in the previous versions on hp-ux.

Using ssh you can login using the root account from any terminal. The securetty works for telnet access.

Hope this helps.

regds
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎01-03-2006 08:24 AM

‎01-03-2006 08:24 AM

Re: no securetty in 11i version 2?

It's most likely because you are using SSH to connect rather than telnet.

If you want to deny root login via ssh then you'll have to modify the sshd_config file and set:

PermitRootLogin no

You will then need to stop and restart ssh.
0 Kudos
Reply
AndyMueller
Frequent Advisor

‎01-03-2006 08:25 AM

‎01-03-2006 08:25 AM

Re: no securetty in 11i version 2?

Lisa,

I'm running 11.23 and ssh, and I sure have the /etc/securetty file. There is no man for securetty.
[sd3n1:/]# more /etc/securetty
console
[sd3n1:/]# uname -a
HP-UX sd3n1 B.11.23 U ia64 3841026172 unlimited-user license
[sd3n1:/]# ll /etc/securetty
-rwx------ 1 root sys 8 Dec 27 08:42 /etc/securetty

Perhaps you could just create the file?

Andy
0 Kudos
Reply
Sanjay_6
Honored Contributor

‎01-03-2006 08:27 AM

‎01-03-2006 08:27 AM

Re: no securetty in 11i version 2?

Hi,

to disable root login through ssh you need to modify the sshd_config file,

Look at this parameter, "PermitRootLogin"

Set this parameter to,

PermitRootLogin no

in the sshd_config file (should be in /etc, /etc/ssh, or /usr/local/etc, depends on the version of ssh).

Hope this helps.

regds



0 Kudos
Reply
Rick Garland
Honored Contributor

‎01-03-2006 09:06 AM

‎01-03-2006 09:06 AM

Re: no securetty in 11i version 2?

There is the newer version of ssh 4.2 from HP. It is a depot install.

This has an option for reading the /etc/securetty file as well as the PermitRootLogin in the sshd_config file.


The ssh version 4.2 is a free download in depot format from software.hp.com

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.