Re: SSH problems.

From: Adams Kevin J (kevin.adams@PHS.COM)
Date: Tue Jul 16 2002 - 13:07:19 EDT


Leonardo,

My systems work the same, and it is because AIX is set to not allow remote
root logins.

When AIX is set this way:

AIX rsh will allow root to run commands remotely but not log in remotely.

MIT kerberos rsh will allow root to run commands remotely and log in
remotely.

OpenSSH, even with "PermitRootLogin yes", will not allow remote commands or
logins.

Kevin Adams

-----Original Message-----
From: Leonardo Velloso Heitor [mailto:lheitor@BR.IBM.COM]
Sent: Tuesday, July 16, 2002 6:49 AM
To: aix-l@Princeton.EDU
Subject: [aix-l] SSH problems.

Hi AIX'ers...

      For security reasons, I need to block RSH for all servers. I decided
to install OPENSSH 3.2.0.1 from Bullfreeware to change RSH. My AIX system
is set up to not allow remote logins using the file /etc/security/user.
      On my lab systems (that still allow rsh), I can use rsh to run
commands, but I cannot log in.
      When I try to do the same with ssh, it does not work.

      Any thoughts on the matter would be greatly appreciated.

For the command:
# ssh lab1 date
root@lab1's password:

I saw in the "sshd -d" output:

...
...
debug1: userauth-request for user root service ssh-connection method none
debug1: attempt 0 failures 0
Login restricted for root: Remote logins are not allowed for this account.
input_userauth_request: illegal user root
Failed none for illegal user root from 150.251.38.15 port 36792 ssh2
debug1: userauth-request for user root service ssh-connection method publickey
debug1: attempt 1 failures 1
Failed publickey for illegal user root from 150.251.38.15 port 36792 ssh2
debug1: userauth-request for user root service ssh-connection method keyboard-interactive
debug1: attempt 2 failures 2
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=root devs=
debug1: kbdint_alloc: devices ''
Failed keyboard-interactive for illegal user root from 150.251.38.15 port 36792 ssh2

I have the following parameters in sshd_config:

Port 22
Protocol 2,1
HostKey /etc/openssh/ssh_host_key
HostKey /etc/openssh/ssh_host_rsa_key
HostKey /etc/openssh/ssh_host_dsa_key
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 600
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
RhostsAuthentication no
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PasswordAuthentication yes
PermitEmptyPasswords no
X11Forwarding no
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes
UseLogin no
PidFile /var/openssh/sshd.pid

Kind Regards,
_______________________________________________________________

Leonardo Velloso Heitor
ERP - Technical Support Team
mailto: lheitor@br.ibm.com
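
An added example, not part of either message: a small diagnostic that ties the "Login restricted for root" line in the sshd debug output to the account setting in /etc/security/user rather than to sshd_config. It assumes the restriction is the `rlogin` attribute in that file's stanza format; the stanza content is constructed, the function names are hypothetical, and the sshd lines are copied from the output above.

```python
import re
# Constructed sample in AIX stanza-file format; not taken from the thread.
SAMPLE_USER_FILE = """\
* lines starting with an asterisk are comments
default:
    rlogin = true

root:
    rlogin = false

oracle:
    admin = false
"""

# Lines copied from the "sshd -d" output quoted in the thread.
SAMPLE_SSHD_DEBUG = """\
debug1: userauth-request for user root service ssh-connection method none
Login restricted for root: Remote logins are not allowed for this account.
input_userauth_request: illegal user root
Failed none for illegal user root from 150.251.38.15 port 36792 ssh2
"""

def parse_stanzas(text):
    """Return {stanza: {attribute: value}} for a stanza file."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):
            continue
        if line.endswith(":") and "=" not in line:
            current = stanzas.setdefault(line[:-1], {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return stanzas

def effective_attr(stanzas, user, attr):
    """A user's own stanza wins; otherwise the default stanza applies."""
    return stanzas.get(user, {}).get(attr, stanzas.get("default", {}).get(attr))

def os_restricted_users(debug_text):
    """Users that sshd reported as restricted by the OS account check."""
    return set(re.findall(r"^Login restricted for (\S+):", debug_text, re.M))

def diagnose(user_file_text, debug_text):
    """Map each OS-restricted user to its effective rlogin setting."""
    stanzas = parse_stanzas(user_file_text)
    return {u: effective_attr(stanzas, u, "rlogin")
            for u in os_restricted_users(debug_text)}
```

On an AIX host the same attribute can be read directly with `lsuser -a rlogin root`.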
