Root SSH login should be disabled on servers to protect them from unauthorized access. Root login should be enabled through the console only. If you need root access to run a script or execute a command, log in first as your own user and then switch to the root user. This post shows how to secure your HP-UX systems by restricting root login to the console only.
Disable root SSH Login in HP-UX:
- Log in as the root user on the server
- Edit the file /opt/ssh/etc/sshd_config as shown below:
# vi /opt/ssh/etc/sshd_config
.
.
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#CountKeyAuthBadLogins no
.
.
Change the line #PermitRootLogin yes to PermitRootLogin no (note that the leading # must be removed) and save the file.
After the change, the Authentication block will look like this:
.
.
# Authentication:
#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#CountKeyAuthBadLogins no
.
.
- These changes take effect when the ssh service is restarted. To restart the ssh service, use the commands below:
# /sbin/init.d/secsh stop
HP-UX Secure Shell stopped
# /sbin/init.d/secsh start
HP-UX Secure Shell started
- Now you will not be allowed to ssh to this server as the root user. The login attempt ends with Access denied, as shown below:
login as: root
Using keyboard-interactive authentication.
Password:
Access denied
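To confirm the edit before relying on it, the check below reports the PermitRootLogin value sshd will actually use. It is an added example, not part of the original post; the function names and sample configs are constructed. It accounts for two things the steps above depend on: a commented line leaves sshd's built-in default in force, and sshd uses the first occurrence of a keyword.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and sample
# configs are constructed for illustration.

# Print the PermitRootLogin value sshd will use from config file $1:
# the first uncommented occurrence before any Match block, lowercased,
# or "unset" when only sshd's built-in default applies.
effective_permit_root_login() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }                 # drop leading whitespace
        /^#/ || NF == 0 { next }               # skip comments and blanks
        tolower($1) == "match" { exit }        # global section ends here
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 only when root SSH login is explicitly disabled.
root_login_disabled() {
    [ "$(effective_permit_root_login "$1")" = "no" ]
}

# Constructed sample configs: the "before" and "after" states from the post,
# plus a file where a later "no" is shadowed by an earlier "yes".
demo() {
    dir=${TMPDIR:-/tmp}/prl_demo.$$
    mkdir -p "$dir" || return 1
    printf '# Authentication:\n#PermitRootLogin yes\n#StrictModes yes\n' > "$dir/before"
    printf '# Authentication:\nPermitRootLogin no\n#StrictModes yes\n' > "$dir/after"
    printf 'permitrootlogin YES\nPermitRootLogin no\n' > "$dir/shadowed"
    for f in before after shadowed; do
        if root_login_disabled "$dir/$f"; then state=PASS; else state=FAIL; fi
        echo "$f: $(effective_permit_root_login "$dir/$f") -> $state"
    done
    rm -rf "$dir"
}

demo
```

On the server itself, call root_login_disabled with /opt/ssh/etc/sshd_config as the argument after saving the file; a non-zero exit status means root SSH login is not explicitly disabled.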
Create a new user in HP-UX and switch to root whenever required:
- Create a new user in HP-UX. Here I have created a user sonu and changed the password of the user:
# useradd -g users -m -k /etc/skel -s /usr/bin/ksh dbappweb
# passwd dbappweb
Changing password for dbappweb
New password:
Re-enter new password:
Passwd successfully changed
- Now log in as user sonu and after that switch to the root user.
login as: dbappweb
Using keyboard-interactive authentication.
Password:
Last successful login: Thu Jul 20 16:18:41 IST 2017 172.10.10.11
$ su - root
Password:
Value of TERM has been set to "xterm".
WARNING: YOU ARE SUPERUSER !!
Note: I have done the above steps on HP-UX 11.31, which was an nPAR machine. The process is the same for vPAR machines also.