Hi; How do I make it so that it's impossible to SSH into the server directly as root? That is, make it necessary to SSH in as an ordinary user and then su to root? TIA, Suzie
You can edit sshd_config, find PermitRootLogin yes and replace yes to no. Like this:
PermitRootLogin no
This is disallow root for directly login from ssh.
-DS-
-----Original Message----- From: Susan Day suzieprogrammer@gmail.com Date: Tue, 5 Jan 2010 09:11:17 To: CentOS mailing listcentos@centos.org Subject: [CentOS] Signing In Other than Root
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Susan Day wrote:
Hi; How do I make it so that it's impossible to SSH into the server directly as root? That is, make it necessary to SSH in as an ordinary user and then su to root? TIA, Suzie
# vim /etc/ssh/sshd_config
Uncomment the following line:
#PermitRootLogin yes PermitRootLogin no
# service sshd restart
Regards, Max
On Tue, Jan 5, 2010 at 9:16 AM, Max Hetrick maxhetrick@verizon.net wrote:
Susan Day wrote:
Hi; How do I make it so that it's impossible to SSH into the server directly as root? That is, make it necessary to SSH in as an ordinary user and then su to root? TIA, Suzie
# vim /etc/ssh/sshd_config
Uncomment the following line:
#PermitRootLogin yes PermitRootLogin no
# service sshd restart
Thanks! Suzie
On Tue, January 5, 2010 8:11 am, Susan Day wrote:
Hi; How do I make it so that it's impossible to SSH into the server directly as root? That is, make it necessary to SSH in as an ordinary user and then su to root? TIA, Suzie _______________________________________________
You can add all users to a group, lets say remote_group, and then in sshd.conf specify that only users from that group are allowed to login via ssh.
Bo Lynch
Hi,
How do I make it so that it's impossible to SSH into the server directly as root?
man ssh_config ->
PermitRootLogin Specifies whether root can login using ssh(1). The argument must be "yes", "without-password", "forced-commands-only" or "no". The default is "yes".
If this option is set to "without-password" password authentica- tion is disabled for root. Note that other authentication meth- ods (e.g., keyboard-interactive/PAM) may still allow root to login using a password.
If this option is set to "forced-commands-only" root login with public key authentication will be allowed, but only if the command option has been specified (which may be useful for tak- ing remote backups even if root login is normally not allowed). All other authentication methods are disabled for root.
If this option is set to "no" root is not allowed to login.
You have to restart the SSH server (service sshd restart) after modifying the file /etc/ssh/sshd_config.
Chris
From: Susan Day suzieprogrammer@gmail.com
How do I make it so that it's impossible to SSH into the server directly as root? That is, make it necessary to SSH in as an ordinary user and then su to root?
Google says:
/etc/ssh/sshd_config: PermitRootLogin no
JD
-
Bo Lynch -
Christoph Neuhaus -
david@pnyet.web.id -
John Doe -
Max Hetrick -
Susan Day