Allowing root ssh logins to Solaris machines

I’ve been away from Solaris for 5 months, but I need some VMs for NFSv4 testing, which means beating my head against modernization such as RBAC, pfexec, and NWAM.

I prefer to treat my lab Unix machines as inter-changable boxes and do all of my configuration up front. I want to be able to do an SSH root login, especially if the system goes out of the way to make that hard.

There are currently 3 things you have to do to violate this security truism on either OpenSolaris or Solaris 11:

1) Modify PermitRootLogin to yes in /etc/ssh/sshd_config.

2) Comment out the “CONSOLE=/dev/console” line in /etc/default/login.

3) Remove “;type=role” from the root entry in /etc/user_attr.

5 Responses to “Allowing root ssh logins to Solaris machines”

  1. Jun says:

    Thanks a lot! I wasted half day for this! Appreciate your help! I figured the other ones but the /etc/user_attr I couldnt find anywhere!

  2. John Lee says:

    Awesome resource man. Thanx.

  3. Dan Pritts says:

    This of course also works for OpenIndiana – which I mention only so google will index it.

    Thanks for the post.

  4. DeWitt says:

    Hello,

    I also had the same problem on opensolaris 2008.11, whereas I tried to login to root, using the /etc/ssh/sshd_config feature, but received the “Permission denied” message. Have been reading the various postings on this very issue, and just about gave up trying to get root login. I know that it was setup when the OS was installed, but since my personal login is restricted, I am unable to do any Administrator functions. What could I be doing wrong. Any help would be appreciated.

    Thank you,

    DeWitt

  5. Michael says:

    Worked on my OpenIndiana 152, thanks!

Leave a Reply