#1 rlogin=false checking on AIX

open
nobody
None
5
2015-02-12
2005-04-22
Ed Meador
No

The older versions of SSHD provided for AIX allowed
remote command execution when rlogin=false was set.

This was very useful behavior for our operation.

Is there a chance that the S_RLOGIN loginrestrictions
parameter could be set to 0?

Discussion

  • ssh
    ssh
    2005-05-08

    Logged In: YES
    user_id=1169276

    Are you talking about remote command execution as
    "superuser(root)" or as a normal user.. or both.

     
  • Logged In: NO

    I too would like to see this. We need it for all users.

     
  • Logged In: NO

    I too would like to see this. We need it for all users.

     
  • Logged In: NO

    I too would like to see this. We need it for all users.

     
  • Logged In: NO

    I too would like to see this. We need it for all users.

     
  • Logged In: NO

    I would need this for both, root users and normal users

     
  • Logged In: NO

    It would be useful if someone could pick this up as an action.
    We would like to restrict root logins via rlogin=false, yet still
    permit command excecution via ssh as the root user.

     
  • Damian Scott
    Damian Scott
    2005-09-22

    Logged In: YES
    user_id=345704

    We're running AIX 5.3 in our enviroment with OpenSSH
    3.8.1p1. If any user has a user attribute of rlogin=false,
    you cannot perform any scp/ssh function. changing the value
    to true is against our security guidelines. There is a
    serious need to allow for scp to work for those users that
    have rlogin=false defined.

     
  • Logged In: NO

    Rather than go this route, why not have an additional
    definition in /etc/security/user like :

    slogin = <true|false>

    have this along with rlogin = <true|false> so that we
    admins can choose to disallow rlogins except for ssh.

     
  • Logged In: NO

    Getting this thing to work on AIX (or 4.6/7) anytime in this century would be nice

     
  • ssh
    ssh
    2007-10-19

    Logged In: YES
    user_id=1169276
    Originator: NO

    Hi,

    On Openssh-4.3p2 which has beed uploaded on Sourceforge works for for scp. i.e rlogin = false still allows scp. We will add the same for ssh in our next release of openssh which is going to be released in November 2007.

    Thanks