We are running ssh1 on Solaris 2.5/2.6 with no RSA authentication - just the connection is encrypted. I'd like to set it up so that root can run a command on the remote system via rsh, but direct root logins aren't allowed. Solaris allows this feature normally by setting the CONSOLE variable in /etc/default/login, but now that we're using ssh, root can log in directly no matter what I do. I've tried to get /bin/login to be used hoping that it would consult /etc/default/login, but it doesn't seem to make any difference. I ran configure with the --with-login option and have UseLogin in the /etc/sshd_config file, but no progress.
The reason for this is that we don't need super authentication, but we would like admins to log into the server as themselves and then su to root to get root privs. This was we can keep better track of who is doing what to systems.
Any ideas on this matter would be appreciated...
--
