rhel configure: limit root direct login to systems except through system consoles
Posted by zhaojing on Server Fault
Published on 2010-10-15T03:38:47Z
Indexed on 2011/01/04 14:55 UTC
I have to configure the system to limit direct root access to system consoles only. That is, telnet, ftp and SSH are all prohibited; root can only log in through the console. I understand that this will require me to configure the file /etc/securetty. I have to comment out all the tty entries and keep just "console" in /etc/securetty.
But from Google, I found that many people said that configuring /etc/securetty will not limit SSH login.
From my experiment, I found that this is true (configuring /etc/securetty won't limit SSH login).
Then I added one line to /etc/pam.d/system-auth:
auth required pam_securetty
With that, it seems root SSH login can be prohibited.
But I can't find the reason: what is the difference between configuring pam_securetty and /etc/securetty? Can anyone help me with this? Would configuring only /etc/securetty work, or do I have to configure pam_securetty at the same time? Thanks a lot!
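Added example, not part of the original post: pam_securetty is the PAM module that reads /etc/securetty, so the file only affects services whose PAM auth stack loads that module. The sketch below resolves `include`/`substack` lines to show which services do; the sample files are constructed (modelled on a RHEL-style /etc/pam.d layout, an assumption) and the function names are hypothetical.

```python
import re

# Constructed sample files; real contents vary by release (assumption).
SAMPLE_PAM = {
    "login": "auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so\n"
             "auth include system-auth\n"
             "account required pam_nologin.so\n",
    "sshd": "auth include system-auth\n"
            "account required pam_nologin.so\n",
    "system-auth": "auth required pam_env.so\n"
                   "auth sufficient pam_unix.so nullok try_first_pass\n"
                   "auth required pam_deny.so\n",
}
SAMPLE_SECURETTY = "# tty1\n# tty2\nconsole\n"

def parse_rules(text):
    """Yield (type, control, module) per rule line; handles [k=v ...] controls."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)", line)
        if m:
            yield m.group(1).lstrip("-"), m.group(2), m.group(3)

def auth_modules(service, files, seen=None):
    """Return the auth modules a service loads, following include/substack."""
    seen = seen or set()
    if service in seen or service not in files:
        return []  # break include cycles, skip missing files
    seen.add(service)
    mods = []
    for typ, control, module in parse_rules(files[service]):
        if typ != "auth":
            continue
        if control in ("include", "substack"):
            mods += auth_modules(module, files, seen)
        else:
            mods.append(module.rsplit("/", 1)[-1])
    return mods

def enforces_securetty(service, files):
    """True if the service's auth stack consults /etc/securetty at all."""
    return any(m.startswith("pam_securetty") for m in auth_modules(service, files))

def allowed_ttys(securetty_text):
    """Uncommented entries of /etc/securetty."""
    return [l.strip() for l in securetty_text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]
```

With these sample files, `login` consults /etc/securetty and `sshd` does not until a pam_securetty line is placed in the shared `system-auth` file that both include.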
© Server Fault or respective owner