As in the Solaris OS, root can log in remotely from a labeled system when the CONSOLE entry is disabled.
If you plan to administer a remote system by editing local files, use this procedure.
In the trusted editor, comment out the CONSOLE= line in the /etc/default/login file.
# /usr/dt/bin/trusted_edit /etc/default/login |
The edited line appears similar to the following:
#CONSOLE=/dev/console |
Permit root user login over an ssh connection.
Modify the /etc/ssh/sshd_config file. By default, ssh is enabled on a Solaris system.
# /usr/dt/bin/trusted_edit /etc/ssh/sshd_config |
The edited line appears similar to the following:
PermitRootLogin yes |
To log in as the root user from an unlabeled system, you must also complete Enable Remote Login From an Unlabeled System.
To enable remote login by a role, continue with Enable Remote Login by a Role in Trusted Extensions.