SUMMARY: crontab -e with auditing via ssh

From: Michael Styer <mas_at_codix.net>
Date: Tue Mar 26 2002 - 14:45:15 EST
Thanks everyone who replied to my earlier message. For reference, I've
included it below.

Out of the responses I got, two worked, both essentially the same thing:

- enabling UseLogin in sshd_conf, suggested by Greg Gallagher and Joshua
    Fielden; and 
- enabling telnet to localhost via tcp_wrappers, suggested by Martin
    Hepworth and Olaf Hopp.

Both required that I change the setup to allow remote root logins,
i.e. comment out the line in /etc/default/login that says

CONSOLE=/dev/console

and both methods essentially amount to forcing root to login using what
solaris thinks is a normal login program (i.e., not ssh) so it can do its
auditing properly.

The box was already running OpenSSH 3.1p1, so the suggestion from Frederic
Delhommeau to upgrade wasn't an option, and 'su - root' after connecting
via ssh, suggested by a number of people, didn't work either.

Jim Malloy suggested getting a console server, which is definitely an
'ideal world' solution in my situation but would probably be the best
solution for someone with larger temporal and financial budgets.

Thanks also to Mark Bergman, John Elser, Kendally LLoyd, Mark Cohen, Rama
Subramaniam, Alan McIntosh, and Nicholas Dorfsman for your suggestions.

-mike

On Mon, 25 Mar 2002, Michael Styer wrote:

> Hi.
> 
> I'm managing a Solaris 8 server, and I'm having the same problem that Jim
> Sauer had last August and posted to this list, namely that with auditing
> turned on, editing the crontab over ssh causes all root cron jobs to fail
> because the values in /var/spool/cron/crontab/root.au are set incorrectly.
> 
> The solution posted to this list, which I found in the archives, was to
> login as root via the console and run crontab -e from there. My problem is
> that the server I'm managing is off in a hosting facility miles away, so I
> can't login at the console.
> 
> Does anyone know of a way to get around this?
> 
> Thanks in advance.
> 
> Mike

-- 
Michael Styer		mas@codix.net
phone: 020 7603 5723	107 Shepherd's Bush Rd
fax: 020 7603 2504	London W6 7LP
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Tue Mar 26 13:46:36 2002

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:38 EST