similar to: permitrootlogin=no does NOT help

Very early on in what seems to be quite a hot debate sometimes, I pointed out that sshd only controls rlogin=false at its startup, and if it is changed, sshd simply ignores it ie: chuser rlogin=true root sshd chuser rlogin=false root Will result in sshd ACCEPTING login from root, ie it seems to only check at its startup - is this a bit like ulimit behavior where you need need to log out and in

Thanks to everyone who has replied to my emails so far - to summarise: AIX allows setting of rlogin=false and and a su group, or a list of users that are permitted to "su" to root. ( or other functional ids ) This means with entries in /etc/ftpusers, it is possible to : 1/ Track who used root via sulog and or external logging 2/ Protect root even if the root password is compromised 3/

Hi, In a mail about two weeks ago, I brought up an idea: --- How SSH makes this easier is that you only have to sync the authorized_keys2 database to root account's .ssh/ every time new admin comes in/leaves the house. This can even be automatized rather easily. A more modular hack would be using authorized_keys2 _directory_, and the keys in there would all be counted as authorized. Thus

hi... i've got an "access denied" issue with rsh on one of my boxes (and before we start, no "use ssh" comments.. rsh is what i'm dealing with for now!!) i've got a few boxes in my network, and i can successfully rsh into them with no issue. however, on one box, i can't access it using rsh, and i'm running out of things to try... kind of curious. i can

Hello I've two strange problems: - smbd I've attached you my smb.conf, inetd.conf and my log file. Sometimes smbd and nmbd run and somtimes only nmbd run (I check it with ps -ax). But I have access over my shares (I test it with my Win95 machine). Also in my log file there're some error messages (I don't now from where the came). - login scripts My scripts won't run but if

ssh could give us: 1/ Centrally managed keys and access 2/ No more user accounts in wheel groups lying around various systems 3/ Standard tracking with logging to a server via syslogd. 4/ Passwords managed centrally via pass phrases instead of passwords on every machine. As far as not using root is concerned, all for it, but I am just trying to get some sort of control over root now. sudo etc

Hi ya'll- I've got this odd openssh problem with Solaris 10 I was hoping someone could shed some light on. Not sure if it is a bug... Basically I'm trying to use pubkeys as an auth method, but am having issues. I can log in using passwords no problem, but as soon as it notices a matching public key it closes the connection. I ran the sshd server (on Solaris 10 box) in debug

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:52 Security Advisory FreeBSD, Inc. Topic: TCP uses weak initial sequence numbers Category: core Module: kernel Announced: 2000-10-06

IF ssh is a replacement for rlogin,rsh etc I can accept it respecting rlogin=false as rlogin does and rsh does not, however scp is a replacement for rcp, and rcp does NOT use rlogin attribute, so the implementation is NOT standard as scp fails if rlogin=false, but rcp succeeds, as documented. thanks mark

http://bugzilla.mindrot.org/show_bug.cgi?id=383 ------- Additional Comments From markus at openbsd.org 2002-08-23 07:46 ------- what does "rlogin set to false" mean? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

I have samba working find against our windows 2000/3 network under solaris 9/10. Users can attach to samba using the Kerberos credentials on their windows XP PCs. I would now like to kerberise the unix applications. Statring with the supplied Sun rlogind, telnetd, etc. As I understand things I now need to have a host key on the end systems. Will samba's net ads keytab create do

???????????? samba, I compile kerberos5 root@romanof2 : cd /usr/ports/security/krb5/ root@romanof2 : make && make install && make clean && rehash ------------------------------------------------------ This port of MIT Kerberos 5 includes remote login daemons (telnetd and klogind). These daemons default to using the system login program (/usr/bin/login). Please see the

https://bugzilla.mindrot.org/show_bug.cgi?id=1284 Michael Felt <aixtools at gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |aixtools at gmail.com --- Comment #1 from Michael Felt <aixtools at gmail.com> --- Just thought it could be

I'm not on this mailing list so please make sure that I'm listed in any replies. There seems to be a basic flaw in either AIX pty's or many Linux applications and sshd falls into this category. sshd has a routine called openpty and it looks like ssh's version mimics the version in Linux. (I'm not sure where openpty comes from -- I'm assuming Linux.) The key to

Package: logcheck-database Version: 1.3.13 Severity: normal The rule for SSH ignoring "Bad protocol version identification" assumes there are no single quotes inside the version string ('[^']'). I am however getting mails including those lines: Mar 25 22:57:04 Debian-60-squeeze-64-minimal sshd[12144]: Bad protocol version identification

Package: logcheck-database Version: 1.3.8 Severity: wishlist HI, can you please create a rule/some rules for amavis(d-new). I get for every mail this mesage: May 25 19:55:40 data amavis[9603]: (09603-15) Passed CLEAN, [::1] [213.165.64.22] <xxx at yyy.zz> -> \ <aaa at localhost>, Message-ID: <20100525175015.29677page1 at mx002.bbb.ccc>, mail_id: MM7upJv6se1Z, \ Hits:

Package: logcheck-database Version: 1.3.13 Severity: normal Tags: patch After upgrading to debian squeeze I get several messages a day in the form of: Jul 2 15:05:15 hostname spamd[21286]: spamd: handled cleanup of child pid [28609] due to SIGCHLD: exit 0 This is due to an update in spamd, that makes the message more detailed (includes exit code)[1]. Therefore messages including exit code 0

Hi All, Pls has anyone successfully installed Samba 3 on an AIX 4.3 (RS6000) system? The only precompiled binary I was able to find - v 3.0.4 from bullfreeware.com did not work after installation. I haven't been successful trying to install it from source. I have downloaded various requisite programs such as kerberos (which won't compile either) and openldap. I am particularly

All, I am having a winbind module load error on aix 7.1 trying to load winbind module for 3.6.0. methods.cfg WINBIND: program_64 = /usr/lib/security/WINBIND_64 (have tried authonly here) NIS: program = /usr/lib/security/NIS program_64 = /usr/lib/security/NIS_64 DCE: program = /usr/lib/security/DCE [root] on [barrow] on [/rehash/samba-3.6.0] {932}

All, I am having a winbind module load error on aix 7.1 trying to load winbind module for 3.6.0. methods.cfg WINBIND: program_64 = /usr/lib/security/WINBIND_64 (have tried authonly here) NIS: program = /usr/lib/security/NIS program_64 = /usr/lib/security/NIS_64 DCE: program = /usr/lib/security/DCE [root] on [barrow] on [/rehash/samba-3.6.0] {932}