[CentOS] Antwort: Re: Change from Root
victorsubervi at gmail.com
Tue Oct 27 16:28:02 UTC 2009
Well, I'm baffled. Changing to this:
does nothing without reboot. With respect to the other, I have the following
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
I don't want PAM. Please advise.
On Tue, Oct 27, 2009 at 11:16 AM, <Frank.Brodbeck at klingel.de> wrote:
> Les Mikesell <lesmikesell at gmail.com> schrieb am 27.10.2009 16:04:56:
> > Victor Subervi wrote:
> > > What I was interested in doing was to make it impossible for root to
> > > login directly, but rather enable other users to login and then su to
> > > root. So I edited /etc/ssh/sshd_config to read:
> > > #PermitRootLogin no
> > > (It was the dir I didn't know.) It initially said "yes", but it was
> > > is commented. How is it that I then and still can login directly as
> > > root? Is reboot necessary?
> > It's not going to have any effect unless you remove the # sign. You
> > don't need to reboot, but do a 'service sshd restart'.
> Please, *don't* restart the service. If you fuck up your sshd_config
> and you have no OOB remote access you're lost. `service sshd reload' is
> something more recommendable as it doesn't drop your current SSH sessions.
> Just for the records:
> Another way would be to set PermitRootLogin to without-password and thus
> pinning it down to logins via ssh-keys only.
> CentOS mailing list
> CentOS at centos.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the CentOS