Is there an alternative way for the user still able to use SSH to
login to AIX with RLOGIN=false?
Also for the user able to use SFTP with RLOGIN=false?

On Mar 7, 7:48 am, Dave <davehk...@gmail.com> wrote:
> Is there an alternative way for the user still able to use SSH to
> login to AIX with RLOGIN=false?
> Also for the user able to use SFTP with RLOGIN=false?

what are you wanting to achieve ?
Good idea having rlogin=false but it does restrict access "a bit"

On Mar 6, 6:12*pm, Henry <snogfest_hosebe...@yahoo.com> wrote:
> On Mar 7, 7:48 am, Dave <davehk...@gmail.com> wrote:
>
> > Is there an alternative way for the user still able to use SSH to
> > login to AIX with RLOGIN=false?
> > Also for the user able to use SFTP with RLOGIN=false?
>
> what are you wanting to achieve ?
> Good idea having rlogin=false but it does restrict access "a bit"

I am trying to help with the SFTP from MainFrame to AIX.
I thought the newer version of OpenSSH (4.3.x) is able to allow the
user use SSH clinet with RLOGIN=false.

Dave wrote:
> On Mar 6, 6:12 pm, Henry <snogfest_hosebe...@yahoo.com> wrote:
>> On Mar 7, 7:48 am, Dave <davehk...@gmail.com> wrote:
>>
>>> Is there an alternative way for the user still able to use SSH to
>>> login to AIX with RLOGIN=false?
>>> Also for the user able to use SFTP with RLOGIN=false?
>> what are you wanting to achieve ?
>> Good idea having rlogin=false but it does restrict access "a bit"
>
> I am trying to help with the SFTP from MainFrame to AIX.
> I thought the newer version of OpenSSH (4.3.x) is able to allow the
> user use SSH clinet with RLOGIN=false.

If I'm understanding the question correctly, and from my experiences
with ssh on AIX to date, ssh access and inetd services access (such as
login, rlogin, rsh, etc...) are 2 different things. ssh access is
controlled by /path/to/sshd_config (ssh server config) and
/path/to/ssh_config (client access config). So, "rlogin=false" should
not have anything to do with sftp, scp, ssh operations.

To see what "inetd" services are active (and this is specific to AIX,
not ssh) run lssrc -ls inetd (or see what is uncommented in
/etc/inetd.conf). To see whether a user can login (console), rlogin
(remote access via telnet), lsuser -a login rlogin username

Hope that helps...

Pete
p.s. Don't forget to "refresh -s inetd" if any services are changed or
stopsrc -s sshd && startsrc -s sshd to refresh sshd if any of its
configuration has been changed...P

On Mar 10, 2:50 am, Bob Dobbs <bdo...@subgenius.com> wrote:
> Dave wrote:
> > On Mar 6, 6:12 pm, Henry <snogfest_hosebe...@yahoo.com> wrote:
> >> On Mar 7, 7:48 am, Dave <davehk...@gmail.com> wrote:
>
> >>> Is there an alternative way for the user still able to use SSH to
> >>> login to AIX with RLOGIN=false?
> >>> Also for the user able to use SFTP with RLOGIN=false?
> >> what are you wanting to achieve ?
> >> Good idea having rlogin=false but it does restrict access "a bit"
>
> > I am trying to help with the SFTP from MainFrame to AIX.
> > I thought the newer version of OpenSSH (4.3.x) is able to allow the
> > user use SSH clinet with RLOGIN=false.
>
> If I'm understanding the question correctly, and from my experiences
> with ssh on AIX to date, ssh access and inetd services access (such as
> login, rlogin, rsh, etc...) are 2 different things. ssh access is
> controlled by /path/to/sshd_config (ssh server config) and
> /path/to/ssh_config (client access config). So, "rlogin=false" should
> not have anything to do with sftp, scp, ssh operations.
>
> To see what "inetd" services are active (and this is specific to AIX,
> not ssh) run lssrc -ls inetd (or see what is uncommented in
> /etc/inetd.conf). To see whether a user can login (console), rlogin
> (remote access via telnet), lsuser -a login rlogin username
>
> Hope that helps...
>
> Pete
> p.s. Don't forget to "refresh -s inetd" if any services are changed or
> stopsrc -s sshd && startsrc -s sshd to refresh sshd if any of its
> configuration has been changed...P

hmm... ok, I'm perhaps mistaken, because what you're saying makes a
lot of sense.

We are moving from openssh 4.3 to openssh 4.7. The behavior is different depending on version. All is under AIX 5.3.

openssh 4.3:

when rlogin=false, you CANNOT do ssh (interactive session), but you can do sftp (which use ssh underneath)

openssh 4.7p1:

when rlogin=false, you CANNOT do ssh AND sftp.

Anybody knows how to change the behavior to go back to the way 4.3 was working (and pls do not tell me to go back to 4.3 ).