[HPADM] RE: -SUMMARY- root login with remsh and securetty

From: Naylor, Jim (Jnaylor@Schnucks.com)
Date: Wed Jan 05 2005 - 15:49:19 EST


Thanks to all for the responses. Original question at bottom. Most agreed
that you just need to put an entry in root's .rhosts file as follows:

mainframe_name mainframe_user_name

This seems to work fine. I was under the assumption that this would not work
because of the securetty but that is not the case.

As pointed out by Eef Hartman:
remsh (but NOT rlogin) is restricted by the root user's ".rhosts", not by
/etc/securetty (that is for INTERactive shells only!).
So if you put into the root .rhosts file JUST the single line
<mainframe.domain> root
then THAT machine can use "remsh" and "rcp", but still NO rlogin.

Rather than:
<mainframe.domain> root

I did:

<mainframe.domain> mainframe_user_name

Thanks Again,

-----Original Message-----
From: Naylor, Jim
Sent: Tuesday, January 04, 2005 1:31 PM
To: Hpux-Admin@Dutchworks. Nl (E-mail)
Subject: [HPADM] root login with remsh and securetty

Hello All,
I have been searching the archive but cannot seem to find an answer. We are
running HP-UX 11.0 and have in the file /etc/securetty one entry
"console". As you all know this is to restrict direct root login to the
console only. What I need to be able to do is allow a remsh from our
mainframe as root but from nowhere else. We are trying to use our mainframe
as a job scheduler which is quite effective as long as none of the jobs
require root to run them. We have a half dozen jobs that do require root to
run them. I was hoping there was an option in securetty or some other method
to specify a single remote system to login as root and still maintain
restrictions from any other. Unfortunately I have not been able to find a
way to do this, thus I post the question to the list. Is this possible?

Thanks,
Jim Naylor
Unix/Storage Systems Administrator
Schnuck Markets, Inc.
Direct (314) 994-4784
Cell (314) 691-0186
Fax (314) 994-4684
E-Mail jnaylor@schnucks.com
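
One way to check that root's .rhosts trusts only the single host/user pair described in the summary, as an added example that is not part of the original post. The function name audit_rhosts, the host mainframe.example.com and the user sched are made up for illustration.

```shell
#!/bin/sh
# audit_rhosts FILE EXPECTED_HOST EXPECTED_USER
# Prints one finding per line; returns 0 if FILE holds only the expected
# "host user" pair and is writable by its owner alone, 1 otherwise.
audit_rhosts() {
    file=$1 want_host=$2 want_user=$3 rc=0
    [ -f "$file" ] || { echo "MISSING $file"; return 1; }
    # Characters 6 and 9 of the ls mode string are group and other write bits.
    case $(ls -ld "$file" | cut -c6,9) in
        --) ;;
        *) echo "PERMS $file is group- or world-writable"; rc=1 ;;
    esac
    while read -r host user extra || [ -n "$host" ]; do
        case $host in ''|'#'*) continue ;; esac
        case "$host $user" in
            # "+" (or "+@netgroup") in either field widens trust beyond one host/user.
            +*|*" +"*) echo "BROAD $host $user"; rc=1; continue ;;
        esac
        if [ -z "$user" ]; then
            # Host-only line: the same-named remote account (here root) is trusted.
            echo "NOUSER $host"; rc=1
        elif [ "$host" != "$want_host" ] || [ "$user" != "$want_user" ]; then
            echo "UNEXPECTED $host $user"; rc=1
        fi
    done < "$file"
    return $rc
}

# Constructed sample: the single-host entry plus two lines that widen trust.
umask 077
sample=${TMPDIR:-/tmp}/rhosts.sample.$$
printf '%s\n' 'mainframe.example.com sched' '+ root' 'otherhost' > "$sample"
audit_rhosts "$sample" mainframe.example.com sched || echo "findings listed above"
rm -f "$sample"
```

On the real system the call would be `audit_rhosts /.rhosts <mainframe.domain> mainframe_user_name`, assuming root's home directory is `/`.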

--
             ---> Please post QUESTIONS and SUMMARIES only!! <---
        To subscribe/unsubscribe to this list, contact majordomo@dutchworks.nl
       Name: hpux-admin@dutchworks.nl     Owner: owner-hpux-admin@dutchworks.nl

 Archives:  ftp.dutchworks.nl:/pub/digests/hpux-admin       (FTP, browse only)
            http://www.dutchworks.nl/htbin/hpsysadmin   (Web, browse & search)


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 11:02:45 EDT