Hi
We have a number of AIX servers on our network and obviously these need to be tied down. One of the most basic is simply disabling direct root access unless it is via a console. This can obviously be done for telnet etc. in the root account properties, and within sshd_conf for ssh based access. However, can anyone help with something more specific?
We have a central NIM server which we use as a platform to get to all others. What we'd like to do is disable direct root access to all other servers on our network UNLESS it comes from a specific IP.
We'd like our people to be able to ssh to the NIM as themselves and su to root (already sorted), and then be able to ssh to each of the other servers without using a password (they'll set up the ssh-agent passphrase for this). Any attempted root sessions from sources other than this NIM IP would be rejected.
Any suggestions?
Thanks in advance.
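
One way to express the restriction asked about above in the sshd_config of each managed server, shown as an added example that is not part of the original post. The address 192.0.2.10 is a placeholder for the NIM server, and the fragment assumes an OpenSSH build that supports Match blocks.

```conf
# sshd_config on each managed server (added example, not from the post)

# Global default: no direct root login over SSH from any source.
PermitRootLogin no

# Public-key logins must be enabled for agent-held keys to be usable.
PubkeyAuthentication yes

# Match blocks go after all global settings: every line below a Match
# line belongs to that block until the next Match line or end of file.
# 192.0.2.10 is a placeholder for the NIM server's address.
Match Address 192.0.2.10
    # Root may log in from the NIM only, and only with a key, never a
    # password (newer OpenSSH releases spell this value prohibit-password).
    PermitRootLogin without-password

# Optional second layer, in root's authorized_keys on each managed server:
# the from= option makes sshd refuse the key when it is offered from any
# other source address. Key material is elided here.
#   from="192.0.2.10" ssh-rsa AAAA... placeholder-comment
```

Run `sshd -t` to check the file for syntax errors before restarting the daemon, and keep an existing session open until a root login from the NIM and a rejected one from elsewhere have both been confirmed.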