📖 ~1 min read
Table of contents
Symptom & Impact
After `aixpert -l high`, SSH logins are denied and `sudo` is unavailable for emergency access.
Environment & Reproduction
AIX 7.2 host where the high-security template was applied without review.
Root Cause Analysis
AIX Security Expert disabled `loginrestrictions` for root and tightened `/etc/security/login.cfg`.
Quick Triage
Console in as root, run `aixpert -p` to view applied rules, and `lssec -f /etc/security/user`.
Step-by-Step Diagnosis
Capture `/etc/security/aixpert/log/aixpertall.xml` and the `aixpert.log` from the run.
Solution – Primary Fix
Roll back to defaults: `aixpert -u` and reboot to clear cached login restrictions.
Still having issues? Our IT Consulting team can diagnose and resolve this for you. Get in touch for a free consultation.
Solution – Alternative Approaches
Reapply a tailored XML profile: `aixpert -f /etc/security/aixpert/custom/medium.xml -a`.
Verification & Acceptance Criteria
`ssh user@host` succeeds and `lsuser -a rlogin login user` shows expected values.
Rollback Plan
Restore the saved policy with `aixpert -f undo.xml` from before the change.
Prevention & Hardening
Always run `aixpert -c` in check mode against a non-prod LPAR before applying.
Related Errors & Cross-Refs
Pairs with `SECURITY_REJECT` errpt and PAM stack failures on `sshd`.
Related tutorial: View the step-by-step tutorial for aix-7.2.
View all aix-7.2 tutorials on the Tutorials Hub →
Browse all common problems & solutions on the Tutorials Hub.
References & Further Reading
IBM Docs: AIX Security Expert (`aixpert`), `/etc/security/login.cfg`.
Need Expert Help?
If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.
