[CentOS] Reply: Re: Change from Root

Tue Oct 27 15:50:49 UTC 2009
Frank.Brodbeck at klingel.de <Frank.Brodbeck at klingel.de>

Les Mikesell <lesmikesell at gmail.com> wrote on 27.10.2009 16:29:18:

> Frank.Brodbeck at klingel.de wrote:
> > Les Mikesell <lesmikesell at gmail.com> wrote on 27.10.2009 16:04:56:
> > 
> >> Victor Subervi wrote:
> >>> What I was interested in doing was to make it impossible for root to
> >>> login directly, but rather enable other users to login and then su to
> >>> root. So I edited /etc/ssh/sshd_config to read:
> >>> #PermitRootLogin no
> >>> (It was the dir I didn't know.) It initially said "yes", but it was and
> >>> is commented. How is it that I then and still can login directly as
> >>> root? Is reboot necessary?
> >> It's not going to have any effect unless you remove the # sign.  You 
> >> don't need to reboot, but do a 'service sshd restart'.
> > 
> > Please, *don't* restart the service. If you fuck up your sshd_config
> > and you have no OOB remote access you're lost. `service sshd reload' is
> > something more recommendable as it doesn't drop your current SSH sessions.
> 
> I've done a restart without being dropped.  Are you sure it is supposed 
> to drop existing connections?

See me baffled.

It is at least what I was expecting and I think it happens on some distros.
Though reading /etc/init.d/sshd clearly shows that calling stop isn't
supposed to kill all connections. Which is funny, at least I would
expect a service sshd stop to drop all ssh sessions. Good to know I have
to kill all sessions by hand if I want to kick people out... :-/

Anyways, SIGHUP normally is enough to make OpenSSH reread its
configuration file, which makes it safe to use across distros and even
platforms but this is a different story.

Frank.
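
The two points from this thread, as an added example that is not part of the original message: a commented-out directive leaves sshd on its default, and running `sshd -t` before sending SIGHUP catches syntax errors before the daemon rereads the file. The function names, default paths and sample config are assumptions.

```shell
#!/bin/sh
# Added example; function names and sample content are assumptions.

# Print the value sshd takes from the global section of config file $1 for
# keyword $2: comments are ignored, keywords are case-insensitive, the first
# occurrence wins, and the global section ends at the first Match block.
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        { sub(/^[ \t]+/, "") }            # strip leading whitespace
        /^#/ || /^$/ { next }             # commented-out or empty: no effect
        tolower($1) == "match" { exit }   # conditional blocks are not global
        {
            split($0, kv, /[ \t=]+/)      # "Key value" or "Key=value"
            if (tolower(kv[1]) == key) { print kv[2]; found = 1; exit }
        }
        END { if (!found) print "unset" } # sshd falls back to its default
    ' "$1"
}

# Validate the file first and only then send SIGHUP, so a file with syntax
# errors never reaches the running daemon. Default paths are assumptions.
safe_reload() {
    cfg=${1:-/etc/ssh/sshd_config}
    pidfile=${2:-/var/run/sshd.pid}
    sshd -t -f "$cfg" || { echo "config rejected, not reloading" >&2; return 1; }
    kill -HUP "$(cat "$pidfile")"
}

# Constructed sample mirroring the thread: the directive is commented out.
sample=$(mktemp)
trap 'rm -f "$sample" "$sample.fixed"' EXIT
cat > "$sample" <<'EOF'
#PermitRootLogin no
Port 22
Match Address 192.0.2.0/24
    PermitRootLogin yes
EOF
sed 's/^#PermitRootLogin/PermitRootLogin/' "$sample" > "$sample.fixed"

echo "as edited in the thread: $(effective_value "$sample" PermitRootLogin)"
echo "with the # removed:      $(effective_value "$sample.fixed" PermitRootLogin)"
```

`safe_reload` is defined but not called here, since it needs root and a running sshd; keep an existing session open while trying a new login after using it.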