Evan
October 15, 2012, 6:13am
1
Hi all,
how can I disable direct login to a Solaris system not only for root user but also for other accounts?
Looking in google I came to the following:
For telnet (/etc/default/login):
disable root access> CONSOLE=/dev/console
disable generic user> ?
For ssh (/etc/ssh/sshd_config):
disable root access> PermitRootLogin No
disable generic user> DenyUsers username1 username2
I also found references to files:
/etc/hosts.deny
/etc/hosts.allow
Which is the best practice?
Thanks in advance,
Evan
If you disable all logins, how do you plan on logging on to perform maintenance, such as patching?
If you want to disable remote access, just don't run telnet or sshd.
Evan
October 15, 2012, 6:34am
3
Strange answer ... anyway I just want to disable the following users:
Thanks,
Evan
Evan
October 15, 2012, 11:28am
5
Hi all,
thanks for your contribute.
Reading blogs, forum and techdoc came out that there's no way to deny a specific user (except root) to login directly with telnet.
I was able to make some tests in the lab and I think that the right solution is the one provided in my first post.
Moreover I'm going to discuss with colleagues to stop the telnet service so that we should solve the problem of direct access with specific user "X".
Thanks again.
Kind regards,
Evan
hicksd8
October 15, 2012, 11:40am
6
See post by jlliagre. You can change the user to a role (only) thereby preventing login. He also explains how to allow another user to take on this role.
Root is a role by default in Solaris 11. Another user can su to become root.
You can therefore make root and achenle unable to login directly by changing both to roles.