OpenSSH on AIX Bugs
Brought to you by: ibmopenssh, jyotibt
I've been testing 4.1 and recently noticed that I could
log in directly as root even though rlogin is set to false.
OS Level: 5300-02
SSH: OpenSSH_4.1p1, OpenSSL 0.9.7d 17 Mar 2004
root: root:
admin = true
SYSTEM = "compat"
registry = files
loginretries = 0
account_locked = false
sugroups = sysadmin
rlogin = false
Logged In: NO
Granted, this is a bug and can allow remote root logins.
Make sure you have PermitRootLogin no set in
/etc/ssh/sshd_config. This will over-ride the rlogin=false
bug, and continue to deny root logins via ssh.
Logged In: NO
Here's a suggestion, IBM. Maybe there could be another entry
in /usr/security/user file for slogin = true|false that
way we admins can control whether to allow/deny rlogin and
slogin for finer granularity.
Logged In: NO
That is, the file /etc/security/user
Logged In: YES
user_id=156828
Originator: NO
This is because ssh does not use 'login' for logging in.
If you set 'UseLogin yes' in /etc/ssh/sshd_config then
this works as you like as 'login' is used and it observes
all AIX authentication extensions.
Configured as described above, here is what I get with rlogin=false:
login as: root
root@zucvdc0s.unicible.ch's password:
3004-306 Remote logins are not allowed for this account.
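An added example, not part of the thread and not IBM or OpenSSH code: a small audit check for the condition discussed above, where root has rlogin = false in /etc/security/user but sshd neither sets PermitRootLogin no nor UseLogin yes. The sample file contents are constructed, the function names are hypothetical, the defaults assumed are those of OpenSSH of this era (PermitRootLogin yes, UseLogin no), and Match blocks are not handled.

```python
import re

# Constructed sample inputs modelled on the settings quoted in this thread.
SAMPLE_USER_FILE = """\
default:
        rlogin = true
root:
        admin = true
        SYSTEM = "compat"
        rlogin = false
"""
SAMPLE_SSHD_CONFIG = """\
# constructed sshd_config fragment
#PermitRootLogin yes
Protocol 2
"""

def user_attr(text, user, attr, fallback=None):
    """Look up attr for user in AIX stanza text, falling back to 'default:'."""
    stanzas, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("*"):  # '*' starts a comment
            continue
        m = re.match(r"^(\S+):\s*$", line)  # stanza header, e.g. "root:"
        if m:
            current = stanzas.setdefault(m.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    for name in (user, "default"):
        if attr in stanzas.get(name, {}):
            return stanzas[name][attr]
    return fallback

def sshd_option(text, keyword, default):
    """First occurrence wins in sshd_config; keywords are case-insensitive."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].replace("=", " ").split()
        if len(parts) >= 2 and parts[0].lower() == keyword.lower():
            return parts[1].lower()
    return default

def root_ssh_gap(user_file, sshd_config):
    """True when rlogin=false for root is not backed up by the sshd settings."""
    rlogin = user_attr(user_file, "root", "rlogin", "true")
    # Assumed defaults for OpenSSH of this era: PermitRootLogin yes, UseLogin no.
    permit = sshd_option(sshd_config, "PermitRootLogin", "yes")
    uselogin = sshd_option(sshd_config, "UseLogin", "no")
    return rlogin == "false" and permit != "no" and uselogin != "yes"
```

On a real host, read /etc/security/user and /etc/ssh/sshd_config and pass their contents to root_ssh_gap.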