Well, I'm baffled. Changing to this:

PermitRootLogin no

does nothing without reboot. With respect to the other, I have the following documentation:

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no

I don't want PAM. Please advise.
V

On Tue, Oct 27, 2009 at 11:16 AM, <Frank.Brodbeck at klingel.de> wrote:

> Les Mikesell <lesmikesell at gmail.com> wrote on 27.10.2009 16:04:56:
>
> > Victor Subervi wrote:
> > > What I was interested in doing was to make it impossible for root to
> > > login directly, but rather enable other users to login and then su to
> > > root. So I edited /etc/ssh/sshd_config to read:
> > > #PermitRootLogin no
> > > (It was the dir I didn't know.) It initially said "yes", but it was and
> > > is commented. How is it that I then and still can login directly as
> > > root? Is reboot necessary?
> >
> > It's not going to have any effect unless you remove the # sign. You
> > don't need to reboot, but do a 'service sshd restart'.
>
> Please, *don't* restart the service. If you fuck up your sshd_config
> and you have no OOB remote access you're lost. `service sshd reload' is
> something more recommendable as it doesn't drop your current SSH sessions.
>
> Just for the records:
> Another way would be to set PermitRootLogin to without-password and thus
> pinning it down to logins via ssh-keys only.
>
> Frank.
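The point made in the quoted replies (a directive behind a # sign has no effect) as an added example, not part of the original thread: a shell function that reports the global value sshd would read for a keyword from a config file. The function name and the sample config are constructed for illustration; Include files and the contents of Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example (not from the thread): show which value, if any, a config
# file actually sets for an sshd keyword in its global section.
# Usage: effective_sshd_option <config-file> <keyword>
effective_sshd_option() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }       # keywords are case-insensitive
        /^[ \t]*#/ { next }                  # commented lines are ignored
        /^[ \t]*$/ { next }                  # so are blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # keyword and value are separated by whitespace or one "="
            n = match(line, /[ \t=]/)
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit         # global section ends here
            if (key == want) { print val; found = 1; exit }  # first wins
        }
        END { if (!found) print "(unset: compiled-in default applies)" }
    ' "$1"
}

# Constructed sample input: the file as described in the thread, with the
# directive still commented out, then with the # sign removed.
demo_cfg=$(mktemp)
printf '%s\n' '#PermitRootLogin no' 'UsePAM yes' > "$demo_cfg"
echo "commented:   $(effective_sshd_option "$demo_cfg" PermitRootLogin)"
printf '%s\n' 'PermitRootLogin no' 'UsePAM yes' > "$demo_cfg"
echo "uncommented: $(effective_sshd_option "$demo_cfg" PermitRootLogin)"
rm -f "$demo_cfg"
```

Running `sshd -t` checks the edited file for syntax errors before `service sshd reload` is issued.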