🟠 High   ⏱ 5–30 min  Last verified: 20 May 2026
Affected versions: IBM AIX 7.2

📖 ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Root cannot log in via ssh or console and standard tools deny access.

Environment & Reproduction

After hardening change to /etc/security/user or /etc/ssh/sshd_config.

lssec -f /etc/security/user -s root -a rlogin
grep -i PermitRoot /etc/ssh/sshd_config
userdetails root

Root Cause Analysis

rlogin or sshd_config restricts root, or login.cfg locks the account after failed tries.

Quick Triage

Validate root attributes and recent login attempts.

lsuser -a rlogin login expires root
last root | head
userdetails root

Step-by-Step Diagnosis

Inspect login.cfg defaults and sshd_config PermitRootLogin.

lssec -f /etc/security/user -s root -a rlogin login
grep PermitRootLogin /etc/ssh/sshd_config
errpt | head
Illustrative mockup for aix-7.2 — terminal_or_shell
Reviewing root login attributes on AIX — Illustrative mockup — Progressive Robot

Solution – Primary Fix

Re-enable controlled root login through console or sudo and update sshd_config.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

chuser rlogin=true login=true root
chsec -f /etc/ssh/sshd_config -s PermitRootLogin -a yes
stopsrc -s sshd; startsrc -s sshd
Illustrative mockup for aix-7.2 — log_or_config
Re-enabling controlled root login via chuser and sshd — Illustrative mockup — Progressive Robot

Solution – Alternative Approaches

Boot to maintenance mode and reset attributes via chuser, or use HMC virtual console.

Verification & Acceptance Criteria

Authorized administrators log in as root from the console or via sudo.

userdetails root
ssh root@host
last root

Rollback Plan

Disable rlogin again after granting sudo to administrators.

chuser rlogin=false root
chsec -f /etc/ssh/sshd_config -s PermitRootLogin -a no
stopsrc -s sshd; startsrc -s sshd

Prevention & Hardening

Use sudo, a break-glass procedure, and HMC console access for emergencies.

Related to PAM failures, audit warnings, and account lockouts.

Related tutorial: View the step-by-step tutorial for aix-7.2.

View all aix-7.2 tutorials on the Tutorials Hub →

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

IBM AIX 7.2 security hardening guide.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.