Unix True 64 - SSH logins only


Author SSH logins only
Jack Patteeuw

2005-02-12, 5:49 pm

On Tru64 V5.1B, how do I limit remote root logins to SSH (PuTTY) logins
ONLY ! (i.e. no telnet, no rsh, no rexec, no remote anything)

TCH

2005-02-13, 7:48 am

Try to edit this file:

#cat securettys

/dev/console
local:0
:0

And set sshd option "permit root login" to yes (the default one I suppose) +
restart sshd

"Jack Patteeuw" <jjpatteeuw@earthlink.nospamme> wrote in message
news:LrpPd.10017$oO.4010@newsread2.news.atl.earthlink.net...
> On Tru64 V5.1B, how do I limit remote root logins to SSH (PuTTY) logins
> ONLY ! (i.e. no telnet, no rsh, no rexec, no remote anything)



TCH

2005-02-13, 7:48 am

It's the /etc/securettys file of course.....

"TCH" <noggood1@nogood.com> wrote in message
news:420f1c90$0$503$626a14ce@news.free.fr...
> Try to edit this file:
>
> #cat securettys
>
> /dev/console
> local:0
> :0
>
> And set sshd option "permit root login" to yes (the default one i suppose)
> + restart sshd
>
> "Jack Patteeuw" <jjpatteeuw@earthlink.nospamme> wrote in message
> news:LrpPd.10017$oO.4010@newsread2.news.atl.earthlink.net...
>
>



Mario Stargard

2005-02-14, 8:47 pm

TCH wrote:
> it's this the /etc/securettys file of course.....
> "TCH" <noggood1@nogood.com> wrote in message
> news:420f1c90$0$503$626a14ce@news.free.fr...
>
>
>

If the ptys aren't trusted, I don't think you'll be able to actually
log in. You can pass commands to ssh; even /bin/sh. But actually
logging in won't work, unless the stock sshd is different than the one I
compiled.

One should disallow all telnet sessions, even if root can only log in
using ssh. This is because the attempt of logging in as root using
telnet will be passed over the network in the clear.

If you have regular users using telnet, then restricting root to only
use ssh isn't going to do much for the security posture, in my opinion.
Regular accounts with clear passwords on the wire are a threat because
many exploits require you to start with regular user privileges.

If you are forced to use telnet, look at other options like ipsec.

Mario
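
An audit of the three settings discussed in this thread, as an added example that is not part of the original posts: it flags securettys entries beyond the three TCH lists, cleartext login services still enabled in inetd, and reports the sshd root-login option. The file layout, the inetd service names (telnet, shell, login, exec), the option spelling PermitRootLogin and the sample contents are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread. File names, inetd service names and
# the sample contents below are assumptions; pass your own paths.

# securettys entries beyond the three local ones TCH lists.
extra_securettys() {
    awk 'NF && $1 !~ /^#/ && $1 != "/dev/console" && $1 != "local:0" && $1 != ":0" { print $1 }' "$1"
}

# Cleartext remote-login services still enabled
# (telnet, rsh = shell, rlogin = login, rexec = exec); "#..." lines are skipped.
cleartext_services() {
    awk '$1 == "telnet" || $1 == "shell" || $1 == "login" || $1 == "exec" { print $1 }' "$1"
}

# First uncommented PermitRootLogin value, lowercased; empty if not set.
root_login_setting() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1"
}

# args: securettys inetd.conf sshd_config; returns 1 if any FAIL is printed.
audit_root_ssh_only() {
    rc=0
    for e in $(extra_securettys "$1"); do echo "FAIL securettys: root may log in on $e"; rc=1; done
    for s in $(cleartext_services "$2"); do echo "FAIL inetd: $s is enabled"; rc=1; done
    echo "INFO sshd: PermitRootLogin=$(root_login_setting "$3")"
    return $rc
}

# Constructed sample files: one extra securettys entry, two live services.
make_samples() {
    printf '%s\n' /dev/console local:0 :0 ptys > "$1/securettys"
    cat > "$1/inetd.conf" <<'EOF'
telnet stream tcp nowait root /usr/sbin/telnetd telnetd
#shell stream tcp nowait root /usr/sbin/rshd rshd
exec stream tcp nowait root /usr/sbin/rexecd rexecd
EOF
    printf '%s\n' '# constructed sample' 'PermitRootLogin yes' > "$1/sshd_config"
}

d=$(mktemp -d) && make_samples "$d"
audit_root_ssh_only "$d/securettys" "$d/inetd.conf" "$d/sshd_config" ||
    echo "root is not limited to SSH"
rm -rf "$d"
```

Regular users' telnet sessions, which Mario also raises, show up in the same inetd check because the service is enabled for everyone, not just root.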

Copyright 2003 - 2008 webservertalk.com