I'm attempting to deny a user's ability to login as root through any remote means - ie telnet or ssh. I've read most of the threads that I can find on this site and I've looked at BigAdmin on Sun's site. I have done what has been suggested here and on BigAdmin which is to make sure that the line in the /etc/default/login file (CONSOLE=/dev/console) is uncommented. However, I'm still able to remotely login to my machine through telnet and/or ssh. I have changed the file to both commented and uncommented and rebooted serveral times. Nothing seems to alter the behavior. Are there any other config files or conditions that might allow this activity?
"However, I'm still able to remotely login to my machine through telnet and/or ssh."
What is that supposed to mean? The change you made should have fixed telnet. Did it? For ssh, put a DenyUsers line in sshd-config. Do a "man sshd-config" for details.
telnet should be done with /etc/default/login, "# If CONSOLE is set, root can only login on that device." The ssh has its own config file, /etc/ssh/sshd_config , change that line to no "PermitRootLogin yes" and restart your sshd.
Thanks guys. I was getting confused between the two (ssh and telnet). I thought that the /etc/default/login file controlled both daemons. I changed the sshd_config file and it stopped ssh and /etc/default/login stopped the telnets.
svcadm does not work for Solaris 8
And gonzotonka , if you want to disable all users from using ssh/telnet/ftp, you might want to look into the /etc/services or /etc/inetd.conf file to comment out the lines with such services enabled and restart your inetd daemon