Hi all
One of our customers has a number of AIX 5.3 TL9 lpars. Access is via ssh only, and by default I'd like to deny direct root access. People would log in as themselves before su'ing to root. Pretty standard stuff really.
This would be done in the /etc/ssh/sshd_config file by enabling the 'PermitRootLogin no' line.
However our DBA's insist that, for Oracle RAC using GPFS (General Parallel File System), we have to have direct root login allowed.
This is against my better judgement as we have no accountability of who was logged in as root. Does anyone know of a way to have direct root login disabled, UNLESS the session is initiated by the other node in the cluster?
Thanks.
One of our customers has a number of AIX 5.3 TL9 lpars. Access is via ssh only, and by default I'd like to deny direct root access. People would log in as themselves before su'ing to root. Pretty standard stuff really.
This would be done in the /etc/ssh/sshd_config file by enabling the 'PermitRootLogin no' line.
However our DBA's insist that, for Oracle RAC using GPFS (General Parallel File System), we have to have direct root login allowed.
This is against my better judgement as we have no accountability of who was logged in as root. Does anyone know of a way to have direct root login disabled, UNLESS the session is initiated by the other node in the cluster?
Thanks.
