Re: AIX rlogin=false ....Does this have to be set to "true" in order for SSH to work ?

From: Darren Tucker (dtucker_at_dodgy.net.au)
Date: 05/10/04 

Date: Mon, 10 May 2004 02:08:30 +0000 (UTC)

In article <UPCdnYef8ZgKHQPdRVn-gw@comcast.com>,
news.comcast.giganews.com <riverupdude@comcast.net> wrote:
>IS is possible to enable SSH logins while "rlogin=false" ???? Probably a
>stupid question but with all the configuration options of I thought I'd ask.

Only if you modify sshd. If you want to do this, edit auth.c, search
for the "loginrestrictions" call and change S_RLOGIN to S_LOGIN then
recompile. This will make sshd check for the "login" attribute rather
than the "rlogin" attribute.

Your other option is to disable *all* the AIX-specific checks (which
includes lockout, password/account expiry as well as the login attribute
checks). If you want to do this, edit config.h after running configure
and comment out "#define WITH_AIXAUTHENTICATE 1" then rebuild everything
("make clean && make"). Note that this may also disable some non-local
authentication types (eg LDAP), but I'm not sure of that. 

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Relevant Pages

  • Re: deny access
    ... > I'm beating my brains out because I thought there was a way to do it. ... You could modify sshd to do that by adding a check for no homedir to ... If your sshd is built to use PAM, you might be able to get a PAM module ... Good judgement comes with experience. ...
    (SSH)
  • Re: Log passwords from "authentication failure" logins
    ... It's possible if you modify sshd (or whatever it uses to verify the password, eg PAM). ... OpenSSH's stock sshd doesn't provide the capability but by necessity it has access to the unencrypted password so it could be modified to do so by a nosy or malicious admin. ... Good judgement comes with experience. ...
    (SSH)
Loading