SUmmary:prevent root remote login

From: SP Law (splaw@cadence.com)
Date: Wed Nov 05 1997 - 00:43:32 CST


Hello Sun_Managers,

Thank you all for responding to my question. Altogether a total of
31 people answered . Thanks for such a great response.

The names are just too many to mention .

Solution:-

I have removed the word secure from /etc/ttytab and thing seems to work
in SUNOS4.x.

The most common answer is : -

     The super-user root may only log in on those terminals
     marked as "secure" in the /etc/ttytab file. Otherwise, the
     super-user must log in as an ordinary user and become
     super-user using su(1v).

In file /etc/ttytab remove "secure" from all entries but the one
for console. DO a command kill -1 1 after the file editing for
your changes to take effect.

There are other answers,
 
From: Rick Reineman <rick@lunger.llnl.gov>
Subject: Re: prevent root remote login
 
touch /etc/nologin

Rick

-----------
From: peter.allan@aeat.co.uk (Peter M Allan)
Subject: Re: prevent root remote login

In /etc/ttytab change the 'secure' status at the end of the line.

# @(#)ttytab 1.6 89/12/18 SMI
# name getty type status comments
#
console "/usr/etc/getty std.9600" sun on local unsecure
ttya "/usr/etc/getty std.9600" unknown off local unsecure
-----------------

However I am not sure the word unsecure is recognised .

Some of you suggested
 
edit /etc/default/login and uncomment the "console" line

This method is only used in Solaris 2.x .

One person suggested:
-------------
Have you already looked into the folloing files:

/etc/hosts.equiv ... for all users on this machine
~/.rhosts ... could be in every users home dir
-----------------

.rhost and host.equiv only do away with the prompting of passwd but
but does not prevent a person from login as root by providing the root passwd.

Maybe somebody can include this in the FAQ.

Thank again.

Regards
SP LAW
 

  



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:08 CDT