1 Rookie

August 5th, 2008 02:00

Disabling root logon to control station

Hello,

Our security guys have asked me if it is possible to disable the root login on the Celerra control station to meet our security policy.

Is this possible (do I just edit sshd_config?) and more importantly what will it break if I do this? :)

Thanks.

Sheppie

6 Operator

August 5th, 2008 03:00

Just restricting remote login as root through ssh config should be fine.

As long as you are able to sudo to root and nasadmin.

Just don't disable root or lock yourself out (knowing how to connect to the control station serial port is sometimes very handy).

If you're more of a GUI user, look at the new capabilities in 5.6 to tie Celerra Manager accounts to Windows domain users and groups. Doesn't work for CLI yet though.
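
Added example, not part of the thread or of any EMC tooling: a shell check that reads an sshd_config and reports whether the PermitRootLogin restriction discussed above is actually in effect. It assumes a stock OpenSSH configuration file; the function names and sample files are constructed for illustration, and the handling of Match blocks goes beyond what the thread covers.

```shell
#!/bin/sh
# Added example (not from the thread): audit PermitRootLogin in an sshd_config.

# Print the global PermitRootLogin value of the file in $1, or "unset".
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" line are conditional.
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        { kw = tolower($1) }
        kw == "match" { exit }
        kw == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Count PermitRootLogin lines inside Match blocks whose value is not "no".
match_root_overrides() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { in_match = 1; next }
        in_match && tolower($1) == "permitrootlogin" && tolower($2) != "no" { n++ }
        END { print n + 0 }
    ' "$1"
}

# Verdict for a "no remote root login over ssh" policy.
root_ssh_verdict() {
    value=$(effective_permit_root_login "$1")
    if [ "$value" = "no" ] && [ "$(match_root_overrides "$1")" -gt 0 ]; then
        echo "FAIL: a Match block re-enables root login"; return
    fi
    case "$value" in
        no) echo "PASS: root cannot log in over ssh" ;;
        unset) echo "FAIL: not set, the sshd build default applies" ;;
        *) echo "FAIL: PermitRootLogin is $value" ;;
    esac
}

# Constructed sample files, not taken from a real control station.
demo_dir=$(mktemp -d)
printf '%s\n' 'Port 22' '#PermitRootLogin no' 'permitrootlogin YES' \
    'PermitRootLogin no' > "$demo_dir/before"
printf '%s\n' 'Port 22' 'PermitRootLogin no' > "$demo_dir/after"
for f in before after; do
    echo "$f: $(root_ssh_verdict "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

Validate the edited file with sshd -t and keep an existing session, or the serial console mentioned above, open while sshd restarts.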

1 Rookie

August 5th, 2008 03:00

OK thanks Rainer.

Sheppie

6 Operator

August 6th, 2008 13:00

Actually you can also enable and disable modem dial-in through the GUI.

Just log in to Celerra Manager as root.

In 5.5 it's in the Control Station properties tab.

In 5.6 it's in Support -> Connect Home.

11 Legend

August 6th, 2008 13:00

My security folks asked us to take it a step further... we had to disable dial-in on the control station. So whenever EMC needs to dial in to the box, they call our operations center and only then dial-in gets enabled on the control station. Control station can still call home with errors.

Scripts to enable/disable dial-in are here:

/nas/sbin/ch_dialin_disable
/nas/sbin/ch_dialin_enable

To disable modem dial-in you would run:

/nas/sbin/ch_dialin_disable ttyS0

11 Legend

August 6th, 2008 14:00

By the time I log in to Celerra GUI (did I tell you I love Java?)... and enable it via the Manager... I could have done it via CLI and already forgotten about it. ;)