The RedHat docs worked. Thanks! V
On Tue, Oct 27, 2009 at 11:28 AM, Victor Subervi victorsubervi@gmail.comwrote:
Well, I'm baffled. Changing to this: PermitRootLogin no does nothing without reboot. With respect to the other, I have the following documentation:
# Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication mechanism. # Depending on your PAM configuration, this may bypass the setting of # PasswordAuthentication, PermitEmptyPasswords, and # "PermitRootLogin without-password". If you just want the PAM account and # session checks to run without PAM authentication, then enable this but set # ChallengeResponseAuthentication=no
I don't want PAM. Please advise. V
On Tue, Oct 27, 2009 at 11:16 AM, Frank.Brodbeck@klingel.de wrote:
Les Mikesell lesmikesell@gmail.com schrieb am 27.10.2009 16:04:56:
Victor Subervi wrote:
What I was interested in doing was to make it impossible for root to login directly, but rather enable other users to login and then su to root. So I edited /etc/ssh/sshd_config to read: #PermitRootLogin no (It was the dir I didn't know.) It initially said "yes", but it was
and
is commented. How is it that I then and still can login directly as root? Is reboot necessary?
It's not going to have any effect unless you remove the # sign. You don't need to reboot, but do a 'service sshd restart'.
Please, *don't* restart the service. If you fuck up your sshd_config and you have no OOB remote access you're lost. `service sshd reload' is something more recommendable as it doesn't drop your current SSH sessions.
Just for the records: Another way would be to set PermitRootLogin to without-password and thus pinning it down to logins via ssh-keys only.
Frank.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos