Disabling Root Access on OC3C Servers
(Doc ID 2637350.1)
Last updated on FEBRUARY 12, 2020
Applies to:Oracle Communications Convergent Charging Controller - Version 6.0.1 and later
Information in this document applies to any platform.
On both Oracle Communications Convergent Charging Controller (OC3C) and Oracle Communications Network Charging and Control (OCNCC or NCC) the current goal is to disable the root access to the system nodes and let only the access via ssh keys. This can be done by setting "PermitRootLogin prohibit-password" in SSH configuration file.
Qn1: Please confirm that this change won't cause any problems in system functionality and operation.
Some background history for PermitRootLogin parameter:
PermitRootLogin – is an important directive in SSH configuration file to control the ssh login as root user. You can enable / disable root login access using this directive in ssh configuration file.
It is useful to protect the server from others by disabling the root user from SSH. In this method, you can assign SSH authentication to a user in your server and you can change to root after establishing a connection as user.
You can manage this from SSH conf file. Just open the configuration file, make changes, and restart service.
PermitRootLogin=without-password/prohibit-password - With that configuration you cannot login in as root with a password. Use keys instead.
* PermitRootLogin=without-password/prohibit-password now bans all interactive authentication methods, allowing only public-key, hostbased and GSSAPI authentication (previously it permitted keyboard-interactive and password-less authentication if those were enabled).
* sshd_config(5): In the latest versions of SSH, PermitRootLogin now accepts an argument of 'prohibit-password' as a less-ambiguous synonym of 'without-password'.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document