I have to forbid root-logins on all my servers, expect from two machines, these 2 machines login with root without a password
it was quite easy with ssh, but I have a problem regarding rsh/rlogin, an there
are a lot of rsh jobs, so it would take a lot of time to change all this scripts to ssh
it sould work like the sshd_config entry: "PermitRootLogin without-password" just for rsh
telnet is deactivated
I cannot install an ip-wrapper (well I can but I shouldn't :)) , so I have to realise this just with base AIX tools, I searched for a day, but couldn't find a solution for my problem
I guess you only want to deactivate remote login for root.
chuser rlogin=false root
should do the job or use
smitty=>Security & Users=>Login Controls=> Change / Show Login Attributes for a User=> User NAME=root =>User can LOGIN REMOTELY(rsh,tn,rlogin)?=false
thanks for the reply, but two machines still have to root login without password on all other machines, your solution would forbid every remote root login at all
Possible workaround ? :
As root, edit /etc/inetd.conf ; Comment out the line 'login ... rlogin'
Run 'inetimp' ; Run 'refresh -s inetd'
Hope this helps.