HPE Community
Operating System - HP-UX
1847253 Members
4152 Online
110263 Solutions
New Discussion

Re: remote root login

 
SOLVED
Go to solution
himacs
Super Advisor

‎02-03-2009 11:11 AM

‎02-03-2009 11:11 AM

remote root login

Hi,

Can anbody tell me how to check remote root login enabled or not?

In solaris we have /etc/default/login file.
We have to uncomment the /dev/console field.

Is ther any way to check the same in hp-ux?

Regards,

0 Kudos
Reply
12 REPLIES 12
Steven E. Protter
Exalted Contributor

‎02-03-2009 11:20 AM

‎02-03-2009 11:20 AM

Re: remote root login

Shalom,

This is somewhat dependent on connection protocol.

ssh:

http://docs.hp.com/en/5992-3387/ch05s06.html

DCE

http://docs.hp.com/en/5991-7712/ch02s04.html

telnet et al
http://docs.hp.com/en/5992-3387/ch05s01.html

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Tingli
Esteemed Contributor

‎02-03-2009 11:22 AM

‎02-03-2009 11:22 AM

Re: remote root login

For telnet the file is /etc/securetty. For ssh it is /opt/ssh/etc/sshd_conf.
0 Kudos
Reply
himacs
Super Advisor

‎02-03-2009 11:25 AM

‎02-03-2009 11:25 AM

Re: remote root login

Hi guys

I dont want to any user to use root account on the network.Only thro direct console only root should work.

regards,
0 Kudos
Reply
Tingli
Esteemed Contributor

‎02-03-2009 11:35 AM

‎02-03-2009 11:35 AM

Solution

Re: remote root login

That is right. To block root login from non-console you need to:
1) echo console >> /etc/securetty
2) In file /etc/ssh/sshd_conf, you need to set "PermitRootLogin no"
Reply
Tingli
Esteemed Contributor

‎02-03-2009 11:37 AM

‎02-03-2009 11:37 AM

Re: remote root login

Sorry, the file sshd_conf is located in /opt/ssh/etc.
0 Kudos
Reply
himacs
Super Advisor

‎02-03-2009 11:43 AM

‎02-03-2009 11:43 AM

Re: remote root login

Hi Tinqli,

Thnks for the response.

Can u please brief me about the
echo console>>/etc/security.

Regards,
0 Kudos
Reply
Tingli
Esteemed Contributor

‎02-03-2009 11:50 AM

‎02-03-2009 11:50 AM

Re: remote root login

Or you can edit the file /etc/securetty. And add a line "console" to the end of the file.
0 Kudos
Reply
himacs
Super Advisor

‎02-03-2009 11:53 AM

‎02-03-2009 11:53 AM

Re: remote root login

Hi Tinqli,

I didnot find any file named /etc/security and /etc/securetty.Is this default one or we need to create manually?

Regards,

0 Kudos
Reply
Tingli
Esteemed Contributor

‎02-03-2009 11:58 AM

‎02-03-2009 11:58 AM

Re: remote root login

Here is a link about it:
http://forums11.itrc.hp.com/service/forums/questionanswer.do?admit=109447626+1233691010179+28353475&threadId=1174327
0 Kudos
Reply
himacs
Super Advisor

‎02-03-2009 12:12 PM

‎02-03-2009 12:12 PM

Re: remote root login

Hi Tinqli,

Thanks for ur timely response.

As m new in hp-ux, i have some doubts.

/etc/securetty file is default one or manually we need to create?

becuase i didnot find the same in my system.

regards,
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎02-03-2009 12:25 PM

‎02-03-2009 12:25 PM

Re: remote root login

You must create it.

The easiest way:

# echo console > /etc/securetty
0 Kudos
Reply
Sani
Frequent Advisor

‎02-03-2009 11:57 PM

‎02-03-2009 11:57 PM

Re: remote root login

Hi Himacs ,

Through /etc/securetty and /opt/ssh/etc/sshd_conf , you can rstrict direct root login to the server.But at the same time any user can login with his username and switch to root (su -)....

To prevent this you have to add an entry in /etc/default/security file . ie

SU_ROOT_GROUP=group

Now users attempting to su to root must be a memeber of this group .

Thanks
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.