On Mar 10, 2:50 am, Bob Dobbs <bdo...@subgenius.com> wrote:
> Dave wrote:
> > On Mar 6, 6:12 pm, Henry <snogfest_hosebe...@yahoo.com> wrote:
> >> On Mar 7, 7:48 am, Dave <davehk...@gmail.com> wrote:
>
> >>> Is there an alternative way for the user still able to use SSH to
> >>> login to AIX with RLOGIN=false?
> >>> Also for the user able to use SFTP with RLOGIN=false?
> >> what are you wanting to achieve ?
> >> Good idea having rlogin=false but it does restrict access "a bit"
>
> > I am trying to help with the SFTP from MainFrame to AIX.
> > I thought the newer version of OpenSSH (4.3.x) is able to allow the
> > user use SSH clinet with RLOGIN=false.
>
> If I'm understanding the question correctly, and from my experiences
> with ssh on AIX to date, ssh access and inetd services access (such as
> login, rlogin, rsh, etc...) are 2 different things. ssh access is
> controlled by /path/to/sshd_config (ssh server config) and
> /path/to/ssh_config (client access config). So, "rlogin=false" should
> not have anything to do with sftp, scp, ssh operations.
>
> To see what "inetd" services are active (and this is specific to AIX,
> not ssh) run lssrc -ls inetd (or see what is uncommented in
> /etc/inetd.conf). To see whether a user can login (console), rlogin
> (remote access via telnet), lsuser -a login rlogin username
>
> Hope that helps...
>
> Pete
> p.s. Don't forget to "refresh -s inetd" if any services are changed or
> stopsrc -s sshd && startsrc -s sshd to refresh sshd if any of its
> configuration has been changed...P

hmm... ok, I'm perhaps mistaken, because what you're saying makes a
lot of sense.