The RedHat docs worked. Thanks! V On Tue, Oct 27, 2009 at 11:28 AM, Victor Subervi <victorsubervi at gmail.com>wrote: > Well, I'm baffled. Changing to this: > PermitRootLogin no > does nothing without reboot. With respect to the other, I have the > following documentation: > > # Set this to 'yes' to enable PAM authentication, account processing, > # and session processing. If this is enabled, PAM authentication will > # be allowed through the ChallengeResponseAuthentication mechanism. > # Depending on your PAM configuration, this may bypass the setting of > # PasswordAuthentication, PermitEmptyPasswords, and > # "PermitRootLogin without-password". If you just want the PAM account and > # session checks to run without PAM authentication, then enable this but > set > # ChallengeResponseAuthentication=no > > I don't want PAM. Please advise. > V > > On Tue, Oct 27, 2009 at 11:16 AM, <Frank.Brodbeck at klingel.de> wrote: > >> Les Mikesell <lesmikesell at gmail.com> schrieb am 27.10.2009 16:04:56: >> >> > Victor Subervi wrote: >> > > What I was interested in doing was to make it impossible for root to >> > > login directly, but rather enable other users to login and then su to >> > > root. So I edited /etc/ssh/sshd_config to read: >> > > #PermitRootLogin no >> > > (It was the dir I didn't know.) It initially said "yes", but it was >> and >> > > is commented. How is it that I then and still can login directly as >> > > root? Is reboot necessary? >> > >> > It's not going to have any effect unless you remove the # sign. You >> > don't need to reboot, but do a 'service sshd restart'. >> >> Please, *don't* restart the service. If you fuck up your sshd_config >> and you have no OOB remote access you're lost. `service sshd reload' is >> something more recommendable as it doesn't drop your current SSH sessions. >> >> Just for the records: >> Another way would be to set PermitRootLogin to without-password and thus >> pinning it down to logins via ssh-keys only. >> >> Frank. >> >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> http://lists.centos.org/mailman/listinfo/centos >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20091027/4ef67cf1/attachment-0005.html>