[CentOS] Antwort: Re: Change from Root

Frank.Brodbeck at klingel.de Frank.Brodbeck at klingel.de
Tue Oct 27 15:16:37 UTC 2009

Les Mikesell <lesmikesell at gmail.com>  schrieb am 27.10.2009 16:04:56:

> Victor Subervi wrote:
> > What I was interested in doing was to make it impossible for root to 
> > login directly, but rather enable other users to login and then su to 
> > root. So I edited /etc/ssh/sshd_config to read:
> > #PermitRootLogin no
> > (It was the dir I didn't know.) It initially said "yes", but it was 
> > is commented. How is it that I then and still can login directly as 
> > root? Is reboot necessary?
> It's not going to have any effect unless you remove the # sign.  You 
> don't need to reboot, but do a 'service sshd restart'.

Please, *don't* restart the service. If you fuck up your sshd_config
and you have no OOB remote access you're lost. `service sshd reload' is 
something more recommendable as it doesn't drop your current SSH sessions.

Just for the records:
Another way would be to set PermitRootLogin to without-password and thus
pinning it down to logins via ssh-keys only.


More information about the CentOS mailing list