Why can't I log in as root?

I can use sudo su to become root from my user ID through ssh. I can also change the root password. However, I cannot log in as root through ssh.

Does anybody know why?

Security. That's how it's designed. I don't think there's a way to work around it, and there probably shouldn't be.

ShawnMilo

However, on another AIX server I can log in as root. I have the root password and I can reset the root password. When I log in as root, it shows "Access denied".

I don't know, then. Maybe there's something in one of the config files which regulates that. I've never been able to log in as root via ssh on Linux or the Mac, but I've never used AIX, so take that for what it's worth.

ShawnMilo

I don't know if this is related... This is for ESX, which is a Red Hat compatible Linux.

edit /etc/ssh/sshd_config: add "permitRootLogin yes"
perform "/etc/init.d/sshd restart"

Actually, this is really not recommended; it is a security risk. Are you a former Windows administrator who can only think about making life simple, when in return it is really the reverse? Why don't you just log in as a regular user and then do su or sudo?

itik

If you are using OpenSSH then sshd_config will regulate users' abilities to log in.
A workaround is to use keyed access only for root login. This is very convenient and, contrary to other opinions, when well designed is a very attractive solution.

Root login via interactive-password is a very bad idea.

The one possibility (in the ssh config) has already been mentioned. Another possibility would be to (dis-)allow the user root the remote login directly. This is one of the user attributes: check with "lsuser" and if this shows "rlogin=false" change the attribute to "true" by "chuser -a rlogin=true root".

The notion that this poses a security risk is IMHO a misconception. By allowing root to directly login there is no auditing possible any more about who (personally) has logged in. It could be everybody with the root password. If root cannot log in directly the user would have to log in with his normal account and then use "su" to become root. Both events can be logged (/var/adm/wtmp and sulog).

Still, to have an event being auditable does not mean enhanced security by itself. It merely means you can blame it on somebody in case something goes wrong. Further, anybody with a root account could alter these logs so that they are unusable. So this is creating a false sense of security which in fact is not provided by these measures.

bakunin

bakunin: That's why sudo exists. Not that it's easy or foolproof. Remote logins for root via password are an extremely bad idea. Also, most security-wise folks that I've encountered disable *hosts based auth for ssh and use keys.

Yes, I checked lsuser root, and it shows "rlogin=true". I still cannot log in as root. Why?

Well, that means that you have it configured somewhere else. It is the only logical answer. Computers don't just decide to lock you out. Have you checked ssh? Is this AIX? sudo is not normally a part of AIX unless it is installed via a 3rd party.
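
The two places the replies above point to, the PermitRootLogin line in sshd_config and the AIX rlogin user attribute, can be checked together. This shell example is added here and is not from any poster in the thread; the function names and the sample config are constructed for illustration, and the effect of rlogin=false on ssh is taken from the reply above.

```shell
#!/bin/sh
# Added example (not from the thread): find which of the two settings named
# in the replies is refusing direct root login over SSH.

# Print the PermitRootLogin value from the global section of an sshd_config.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and lines after "Match" are conditional. Include files
# are not followed here.
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Extract the value from `lsuser -a rlogin root` output ("root rlogin=true").
aix_rlogin_value() {
    sed -n 's/.*rlogin=\([a-z]*\).*/\1/p'
}

# Combine both values into one verdict line.
root_ssh_verdict() {
    if [ "$1" = "no" ]; then echo "blocked by sshd_config: PermitRootLogin no"; return; fi
    if [ "$2" = "false" ]; then echo "blocked by AIX user attribute: rlogin=false"; return; fi
    case "$1" in
        without-password|prohibit-password|forced-commands-only)
            echo "key-only: sshd refuses root password logins" ;;
        yes) echo "allowed: neither setting blocks root" ;;
        *)   echo "undetermined: PermitRootLogin is '$1', check sshd default" ;;
    esac
}

# Constructed sample input: rlogin=true, as the poster reports, with a config
# whose first PermitRootLogin line says "no" and a later one says "yes".
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' 'permitRootLogin no' \
    'PermitRootLogin yes' 'Match Address 192.0.2.0/24' \
    '    PermitRootLogin yes' > "$sample"
sshd_val=$(effective_permit_root_login "$sample")
rlogin_val=$(echo 'root rlogin=true' | aix_rlogin_value)
root_ssh_verdict "$sshd_val" "$rlogin_val"
rm -f "$sample"
```

On a live host, pass /etc/ssh/sshd_config to the first function and pipe `lsuser -a rlogin root` into the second. Where the installed OpenSSH supports it, `sshd -T` prints the effective configuration, including compiled-in defaults.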

Sorry to open this again, but I found this in the HP-UX topic.