[CentOS] Reply: Re: Change from Root

Tue Oct 27 15:31:05 UTC 2009
Victor Subervi <victorsubervi at gmail.com>

The RedHat docs worked. Thanks!
V

On Tue, Oct 27, 2009 at 11:28 AM, Victor Subervi <victorsubervi at gmail.com> wrote:

> Well, I'm baffled. Changing to this:
> PermitRootLogin no
> does nothing without reboot. With respect to the other, I have the
> following documentation:
>
> # Set this to 'yes' to enable PAM authentication, account processing,
> # and session processing. If this is enabled, PAM authentication will
> # be allowed through the ChallengeResponseAuthentication mechanism.
> # Depending on your PAM configuration, this may bypass the setting of
> # PasswordAuthentication, PermitEmptyPasswords, and
> # "PermitRootLogin without-password". If you just want the PAM account and
> # session checks to run without PAM authentication, then enable this but set
> # ChallengeResponseAuthentication=no
>
> I don't want PAM. Please advise.
> V
>
> On Tue, Oct 27, 2009 at 11:16 AM, <Frank.Brodbeck at klingel.de> wrote:
>
>> Les Mikesell <lesmikesell at gmail.com> wrote on 27.10.2009 16:04:56:
>>
>> > Victor Subervi wrote:
>> > > What I was interested in doing was to make it impossible for root to
>> > > login directly, but rather enable other users to login and then su to
>> > > root. So I edited /etc/ssh/sshd_config to read:
>> > > #PermitRootLogin no
>> > > (It was the dir I didn't know.) It initially said "yes", but it was and
>> > > is commented. How is it that I then and still can login directly as
>> > > root? Is reboot necessary?
>> >
>> > It's not going to have any effect unless you remove the # sign.  You
>> > don't need to reboot, but do a 'service sshd restart'.
>>
>> Please, *don't* restart the service. If you fuck up your sshd_config
>> and you have no OOB remote access you're lost. `service sshd reload' is
>> something more recommendable as it doesn't drop your current SSH sessions.
>>
>> Just for the records:
>> Another way would be to set PermitRootLogin to without-password and thus
>> pinning it down to logins via ssh-keys only.
>>
>> Frank.
>>
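Added example, not part of the thread: a shell sketch of the two points raised above, that a commented `#PermitRootLogin` line has no effect and that the config should be checked before `service sshd reload`. The function names are hypothetical; the parser assumes the sshd_config(5) rule that the first active value of a keyword wins, and it stops at the first `Match` block because later lines are conditional.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample configs are constructed.

# Print the global PermitRootLogin value set in file $1, or "unset" when no
# active (uncommented) line sets it and sshd falls back to its built-in default.
effective_root_login() {
    awk '
        /^[ \t]*#/ { next }              # commented lines have no effect
        /^[ \t]*$/ { next }              # skip blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t=]+/)
            key = tolower(f[1])          # keywords are case-insensitive
            if (key == "match") exit     # settings after Match are conditional
            if (key == "permitrootlogin" && n >= 2) {
                print f[2]; found = 1; exit   # first active value wins
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Syntax-check the file with "sshd -t" and reload only if the check passes,
# so a typo in sshd_config does not cost you remote access.
safe_reload() {
    cfg=${1:-/etc/ssh/sshd_config}
    sshd -t -f "$cfg" || { echo "config test failed; not reloading" >&2; return 1; }
    service sshd reload
}

# Constructed sample 1: the state described in the thread (directive commented).
sample=$(mktemp)
printf '%s\n' '#PermitRootLogin no' 'PasswordAuthentication yes' > "$sample"
echo "commented directive: $(effective_root_login "$sample")"

# Constructed sample 2: directive active; a later duplicate is ignored.
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' 'PermitRootLogin yes' > "$sample"
echo "active directive:    $(effective_root_login "$sample")"
rm -f "$sample"
```

After `safe_reload`, confirm from a second session that a normal user can still log in before closing the one you are working in.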