Karalyn Capone wrote:
/etc/ssh/sshd_config, for one.
mark
inittab to comment out all six ttys, at your own peril of course.
—
Billy Crook • Network and Security Administrator • RiskAnalytics, LLC
Thanks,
Been trying this, but not gettting anywhere. sshd_config, I was able to disable authentication login from sleep.
Editing initab and commenting out the last line blew my install. NOOBBB
Any other ideas?
Karalyn Capone wrote:
Clarify, please: do you want to deny *all* logins at the console (a bad idea), or just root login from anywhere?
mark
Curious why login/password needs to be disabled for remote admin.. ?
You could have a ‘blank’ root password by editing the /etc/shadow and removing the password hash in the root entry.
ie:
change first line from:
root:$1$/Pf93ewQ7p$CkblarG3W5hWDZ2hXnBUn/:15530:0:99999:7:::
to root::15530:0:99999:7:::
Then, logging in as root and for password.
Only if security is not a concern though.
remove the screen?
disabling any and all console login sounds like a bad idea
Not disable the screen. I just want the machine to log in on boot automatically.
Thanks, Karalyn
Sent from my iPhone
huh? linux boots up and runs all services without any console log on. This isn’t MS Windows.
anything you want running automatically, put it in a service script in
/etc/rc.d/init.d and symlinked to appropriate run level directories via chkconfig servicename on
or put it in /etc/rc.local although that method is rather deprecated.
Hi, from reading this thread I am beginning to think that the OP has a Desktop type install and wants people to be able to be logged in as a specific user without entering a password.
but he said its headless, and will be remote administered, so the idea of a default logon is baffling to me.
most of my servers have remote console boards in them, ipmi or whatever, but I only use those when I’m installing the OS, or repairing a problem. I don’t start the GUI, so they sit at a text mode logon prompt.
I guess I’m an artifact :)
I use /etc/rc.local. and chkconfig level 99 to start my “local” scripts… Guess some old habits don’t die very well :)
As far as local logins, yes don’t disable it and use a strong password.
For remote logins, I use 4096 bit encryption, disable root and password logins and use 4096 bit rsa_keys to login as a local user. Then su to root to do what I need to. I love looking at the logs and seeing the foolish saps who keep trying brute force password attacks :)
For backups I use rsync and give the local user su rights to it.
Hopefully some of this helps…
Richard
–
Am 20.05.2014 um 23:26 schrieb Karalyn Capone :
despite the semantic behind this (for EL6!):
grep ACTIVE_CONSOLES /etc/sysconfig/init
I can think of a time/place where you would NOT want people to have to log in. You are setting up either virtualized sessions or a standalone kiosk where you want people to be able to go specific locations/websites But not have to log on.
For instance, you have a kiosk, not connected to the internet, and you want people to be able to view your standalone web pages Another instance, is a business center where you want people to be able to surf specific web pages, you set up a user with no password who goes straight to the webpage or java app and has very restricted access (even having the whole thing on a read only filesystem…except for logs
none of those are headless.
I think we’re all still confused.
If it’s going to be headless and remotely administered, why do you want it to login automatically on the console?
–
You know I have a couple machines I use that might fit that description. They autologin to gnome and autostart firefox pointed at say, a cacti page.
When I need to change the url, I update the script that launches Firefox, and and restart X, all over ssh. There’s no keyboard or mouse on the remote machine, but there is a monitor. I don’t know that I’d call it headless. But it’s definitely remotely administered, and still has a screen enabled.
What a fun guessing game.
—
Billy Crook • Network and Security Administrator • RiskAnalytics, LLC
I’d call that kiosk mode:-)
That’s how I hostnamed them anyway. But after more thinking they’re more like digital signage than a kiosk.
The things you interact with to print boarding passes at the airports are kiosks. self checkout at a store is kiosk. The things that search for stores and give you directions at a large mall are kiosks. Kiosks interact with humans who do not have (or want) OS logon credentials.
Instead, these things are only displaying information and do not interact. There’s got to be a better term for that than digital signage.
—
Billy Crook • Network and Security Administrator • RiskAnalytics, LLC
19 thoughts on - Disable Login At Boot
Karalyn Capone wrote:
/etc/ssh/sshd_config, for one.
mark
inittab to comment out all six ttys, at your own peril of course.
—
Billy Crook • Network and Security Administrator • RiskAnalytics, LLC
Thanks,
Been trying this, but not gettting anywhere. sshd_config, I was able to disable authentication login from sleep.
Editing initab and commenting out the last line blew my install. NOOBBB
Any other ideas?
Karalyn Capone wrote:
Clarify, please: do you want to deny *all* logins at the console (a bad idea), or just root login from anywhere?
mark
Curious why login/password needs to be disabled for remote admin.. ?
You could have a ‘blank’ root password by editing the /etc/shadow and removing the password hash in the root entry.
ie:
change first line from:
root:$1$/Pf93ewQ7p$CkblarG3W5hWDZ2hXnBUn/:15530:0:99999:7:::
to root::15530:0:99999:7:::
Then, logging in as root and for password.
Only if security is not a concern though.
remove the screen?
disabling any and all console login sounds like a bad idea
Not disable the screen. I just want the machine to log in on boot automatically.
Thanks, Karalyn
Sent from my iPhone
huh? linux boots up and runs all services without any console log on. This isn’t MS Windows.
anything you want running automatically, put it in a service script in
/etc/rc.d/init.d and symlinked to appropriate run level directories via chkconfig servicename on
or put it in /etc/rc.local although that method is rather deprecated.
Hi, from reading this thread I am beginning to think that the OP has a Desktop type install and wants people to be able to be logged in as a specific user without entering a password.
If I am correct does the advice at the bottom of this page may work https://www.CentOS.org/forums/viewtopic.php?tV25
I haven’t tested this myself :)
but he said its headless, and will be remote administered, so the idea of a default logon is baffling to me.
most of my servers have remote console boards in them, ipmi or whatever, but I only use those when I’m installing the OS, or repairing a problem. I don’t start the GUI, so they sit at a text mode logon prompt.
I guess I’m an artifact :)
I use /etc/rc.local. and chkconfig level 99 to start my “local” scripts… Guess some old habits don’t die very well :)
As far as local logins, yes don’t disable it and use a strong password.
For remote logins, I use 4096 bit encryption, disable root and password logins and use 4096 bit rsa_keys to login as a local user. Then su to root to do what I need to. I love looking at the logs and seeing the foolish saps who keep trying brute force password attacks :)
For backups I use rsync and give the local user su rights to it.
Hopefully some of this helps…
Richard
–
Am 20.05.2014 um 23:26 schrieb Karalyn Capone:
despite the semantic behind this (for EL6!):
grep ACTIVE_CONSOLES /etc/sysconfig/init
I can think of a time/place where you would NOT want people to have to log in. You are setting up either virtualized sessions or a standalone kiosk where you want people to be able to go specific locations/websites But not have to log on.
For instance, you have a kiosk, not connected to the internet, and you want people to be able to view your standalone web pages Another instance, is a business center where you want people to be able to surf specific web pages, you set up a user with no password who goes straight to the webpage or java app and has very restricted access (even having the whole thing on a read only filesystem…except for logs
none of those are headless.
I think we’re all still confused.
If it’s going to be headless and remotely administered, why do you want it to login automatically on the console?
–
You know I have a couple machines I use that might fit that description. They autologin to gnome and autostart firefox pointed at say, a cacti page.
When I need to change the url, I update the script that launches Firefox, and and restart X, all over ssh. There’s no keyboard or mouse on the remote machine, but there is a monitor. I don’t know that I’d call it headless. But it’s definitely remotely administered, and still has a screen enabled.
What a fun guessing game.
—
Billy Crook • Network and Security Administrator • RiskAnalytics, LLC
I’d call that kiosk mode:-)
That’s how I hostnamed them anyway. But after more thinking they’re more like digital signage than a kiosk.
The things you interact with to print boarding passes at the airports are kiosks. self checkout at a store is kiosk. The things that search for stores and give you directions at a large mall are kiosks. Kiosks interact with humans who do not have (or want) OS logon credentials.
Instead, these things are only displaying information and do not interact. There’s got to be a better term for that than digital signage.
—
Billy Crook • Network and Security Administrator • RiskAnalytics, LLC
Yep, I can agree with that.