oraytektips
Programmer
hi,
Is there a way to do ssh -x <hostname> -l userid with rlogin=false for userid?
Thanks!
Oray
Is there a way to do ssh -x <hostname> -l userid with rlogin=false for userid?
Thanks!
Oray
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
ssh login with rlogin=false
- Thread starter oraytektips
- Start date
- Status
- Thread starter
- #3
oraytektips
Programmer
hi,
The rlogin attribute is set to false for my id.But I still need to login with my id through ssh.
Thanks!
Oray
The rlogin attribute is set to false for my id.But I still need to login with my id through ssh.
Thanks!
Oray
senoralastair
IS-IT--Management
Hey Oray,
the "User can LOGIN REMOTELY" attribute in smitty is for rsh, telnet and rlogin, none of which you'd want to use for security reasons.
So, in your /etc/ssh/sshd_config file, you should probably put in "PermitRootLogin no" so that root can't log in, but your normal users can. (this way, you'd have to login as your normal user, then su to root).
If you wanted to deny any specific users from having ssh access, you can add this, to deny oracle for example:
"DenyUsers oracle"
if you just have the rlogin bit in smitty set to false, you can still ssh in (unless the above DenyUsers bit is set in the sshd_config file).
hope that helps.
the "User can LOGIN REMOTELY" attribute in smitty is for rsh, telnet and rlogin, none of which you'd want to use for security reasons.
So, in your /etc/ssh/sshd_config file, you should probably put in "PermitRootLogin no" so that root can't log in, but your normal users can. (this way, you'd have to login as your normal user, then su to root).
If you wanted to deny any specific users from having ssh access, you can add this, to deny oracle for example:
"DenyUsers oracle"
if you just have the rlogin bit in smitty set to false, you can still ssh in (unless the above DenyUsers bit is set in the sshd_config file).
hope that helps.
There is a way of doing what you are after..
You need to get hold of the source code for ssh and find the loginrestrictions()
call in openbsd-compat/port-aix.c and change the S_RLOGIN flag to S_LOGIN.
Then re-compile...
it's a pain.. but I have been places before where this in place...
Basically ssh will check login= rather than rlogin= this allows your users unable to login externally but ssh will still work...
You need to get hold of the source code for ssh and find the loginrestrictions()
call in openbsd-compat/port-aix.c and change the S_RLOGIN flag to S_LOGIN.
Then re-compile...
it's a pain.. but I have been places before where this in place...
Basically ssh will check login= rather than rlogin= this allows your users unable to login externally but ssh will still work...
- Thread starter
- #6
oraytektips
Programmer
I got the source code but getting this error
[]:/openssh-4.1p1 # ./configure
checking for gcc... no
checking for cc... no
checking for cc... no
checking for cl... no
configure: error: no acceptable C compiler found in $PATH
I already have these committed
xlC.aix50.rte 8.0.0.7 COMMITTED C Set ++ Runtime for AIX 5.0
xlC.cpp 6.0.0.0 COMMITTED C for AIX Preprocessor
xlC.rte 8.0.0.7 COMMITTED C Set ++ Runtime
[]:/openssh-4.1p1 # ./configure
checking for gcc... no
checking for cc... no
checking for cc... no
checking for cl... no
configure: error: no acceptable C compiler found in $PATH
I already have these committed
xlC.aix50.rte 8.0.0.7 COMMITTED C Set ++ Runtime for AIX 5.0
xlC.cpp 6.0.0.0 COMMITTED C for AIX Preprocessor
xlC.rte 8.0.0.7 COMMITTED C Set ++ Runtime
- Status
Similar threads
- Locked
- Question