search for: auth_dh

To get around the problem of having to change the root password every time a sys admin leaves the organization Solaris is hardened as follows. in /etc/default login. CONSOLE= Restricted permissions on su so only certain groups can run it. That way its really difficult to log in as root even if the root password is known. For OpenSSH PermitRootLogin is set to without-password and a key is

1/ Most correctly configured unix servers are fairly secure. Workstations on the other hand are extremely easy to compromise. Even if the eeprom (on a sparc) is password protected the fact that a hacker can get physical access to the machine means that it's very likely to be compromised, but thats just life. (I'm sure at least some readers on this list will at some time in there life have

maybe this is a silly question ;-) But why is it possible to login on a machine with a locked account (passwd -l ) via pubkey-authentication (authorized_keys) ? I use OpenSSH3.01p1on Solaris8 with PAM support so I thought this should not happen. If this is the normal behaviour and built in intentionally what would be the easiest way to lock an account without deleting the users authorized_keys ?