It's a simple configuration variable set in $ETCDIR/sshd_config
PermitRootLogin no
This will disable root's ability to login directly. However, it will also prevent
people from running remote commands as root. It's all or nothing.
Todd
On Wed, Mar 31, 1999 at 02:17:57PM +0000, Jesse W. Asher wrote:
>
> We are running ssh1 on Solaris 2.5/2.6 with no RSA authentication - just
> the connection is encrypted. I'd like to set it up so that root can run
> a command on the remote system via rsh, but direct root logins aren't
> allowed. Solaris allows this feature normally by setting the
> CONSOLE variable in /etc/default/login, but now that we're using ssh,
> root can log in directly no matter what I do. I've tried to get
> /bin/login to be used hoping that it would consult /etc/default/login,
> but it doesn't seem to make any difference. I ran configure with the
> --with-login option and have UseLogin in the /etc/sshd_config file, but
> no progress.
>
> The reason for this is that we don't need super authentication, but we
> would like admins to log into the server as themselves and then su to
> root to get root privs. This was we can keep better track of who is
> doing what to systems.
>
> Any ideas on this matter would be appreciated...
>
>
> --
> Jesse W. Asher Paradyne Corporation (727)530-8241
>
> [EMAIL PROTECTED]
--
Todd Fleisher
[EMAIL PROTECTED]
http://www.fleish.org/fleish
