SSH is likely standard in all environments. For security reasons, most environments do not permit logging in as root via SSH. This can be enforced by setting the PermitRootLogin attribute in the /etc/ssh/sshd_config file to "no". The following describes how to develop a script for the AIX Security Expert so that the PermitRootLogin setting can be managed via aixpert.
We name the script for modifying and verifying PermitRootLogin local_chsshdconf and place it in the /etc/security/aixpert/bin directory. The prefix “local_” serves to distinguish it from the IBM commands and scripts.
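The verification such a script has to perform, as an added example (not the article's local_chsshdconf and not IBM code): it reports the PermitRootLogin value sshd would use globally, relying on sshd's rule that the first obtained value for a keyword wins. The function names and the sample configuration are constructed for illustration; Include directives are not followed and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example (not the article's local_chsshdconf script).
# Assumptions: Include directives are not followed; Match blocks are not evaluated.

# Print the global PermitRootLogin value sshd would use from file $1,
# or "unset" if the global section does not set it.
effective_permit_root_login() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)            # drop leading indentation
            n = split(line, f, /[ \t=]+/)       # whitespace ("=" is tolerated too)
            key = tolower(f[1])                 # keywords are case-insensitive
            if (key == "match") exit            # global section ends at first Match
            if (key == "permitrootlogin" && n >= 2 && f[2] != "") {
                val = f[2]
                gsub(/"/, "", val)              # arguments may be double-quoted
                print val
                found = 1
                exit                            # first obtained value wins
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 if the effective global value in file $1 equals $2, else 1.
check_permit_root_login() {
    [ "$(effective_permit_root_login "$1")" = "$2" ]
}

# Constructed sample configuration for the demonstration below.
sample_config() {
    cat <<'EOF'
Port 22
#PermitRootLogin yes
permitrootlogin no
PermitRootLogin yes
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
echo "effective PermitRootLogin: $(effective_permit_root_login "$tmp")"
check_permit_root_login "$tmp" no && echo "compliant" || echo "not compliant"
rm -f "$tmp"
```

A result of "unset" means the compiled-in default of the installed OpenSSH version applies, so a check for "no" should treat it as non-compliant.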
First, we’ll make sure that no security level is active. If a security level is active, it should be disabled. This can be done by running “aixpert -u” one or more times:
    # aixpert -u
    # aixpert -u
    There are no security rules to undo in file /etc/security/aixpert/core/appliedaixpert.xml
    #
Any old log files and the check_report.txt file should also be removed: