Re: root should login only through console. (444 Views)
Reply
Frequent Advisor
vijay alur alur
Posts: 64
Registered: ‎03-15-2009
Message 1 of 5 (459 Views)

root should login only through console.

Hi,

 

i want to configure all my servers such that i cannot login to through root directly. only way login through root is by console. For achieving this i have made an entry in /etc/securetty file with the console written in it. But still i am able to login with root directly. is there anything more i need to do to achieve this?

 

 

Thanks,

Vijay

Lead Engineer, IMS.
iGATE
Please use plain text.
Honored Contributor
Patrick Wallek
Posts: 13,752
Registered: ‎06-21-2000
Message 2 of 5 (452 Views)

Re: root should login only through console.

>>But still i am able to login with root directly.

 

How are you logging in?  Are you logging in via SSH, telnet, rlogin, X-Windows?

 

If you are using SSH then the /etc/securetty file is not used.  There is an option in ssh_config or sshd_config (I can't remember which one) called ALLOW_ROOT_LOGIN (or something similar).  If it is set to YES, change it to no and then restart SSH on the server.

Please use plain text.
Frequent Advisor
vijay alur alur
Posts: 64
Registered: ‎03-15-2009
Message 3 of 5 (450 Views)

Re: root should login only through console.

yes, thanks.

i am loggin through SSH via putty.

 

that is /opt/ssh/et/sshd_config file and the parameter is permitRootLogin no.

 

Thanks,

Vijay

Lead Engineer, IMS.
iGATE
Please use plain text.
HP Pro
Doug_Lamoureux
Posts: 11
Registered: ‎11-30-2011
Message 4 of 5 (446 Views)

Re: root should login only through console.

Make sure you have enforcesecuretty set to yes in your sshd_config file.  See page 44:

 

http://bizsupport2.austin.hp.com/bc/docs/support/SupportManual/c03243765/c03243765.pdf

 

Please use plain text.
Honored Contributor
Patrick Wallek
Posts: 13,752
Registered: ‎06-21-2000
Message 5 of 5 (444 Views)

Re: root should login only through console.


vijay alur alur wrote:

yes, thanks.

i am loggin through SSH via putty.

 

that is /opt/ssh/et/sshd_config file and the parameter is permitRootLogin no.

 

Thanks,

Vijay


Very good.  I was responding off-the-cuff without double-cheking the files themselves.  I'm glad you found what you needed.

Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation