Les Mikesell <lesmikesell at gmail.com> wrote on 27.10.2009 16:29:18:

> Frank.Brodbeck at klingel.de wrote:
> > Les Mikesell <lesmikesell at gmail.com> wrote on 27.10.2009 16:04:56:
> >
> >> Victor Subervi wrote:
> >>> What I was interested in doing was to make it impossible for root to
> >>> login directly, but rather enable other users to login and then su to
> >>> root. So I edited /etc/ssh/sshd_config to read:
> >>> #PermitRootLogin no
> >>> (It was the dir I didn't know.) It initially said "yes", but it was and
> >>> is commented. How is it that I then and still can login directly as
> >>> root? Is reboot necessary?
> >> It's not going to have any effect unless you remove the # sign. You
> >> don't need to reboot, but do a 'service sshd restart'.
> >
> > Please, *don't* restart the service. If you fuck up your sshd_config
> > and you have no OOB remote access you're lost. `service sshd reload' is
> > something more recommendable as it doesn't drop your current SSH sessions.
>
> I've done a restart without being dropped. Are you sure it is supposed
> to drop existing connections?

See me baffled. It is at least what I was expecting and I think it happens on
some distros. Though reading /etc/init.d/sshd clearly shows that calling stop
isn't supposed to kill all connections.

Which is funny, at least I would expect a service sshd stop to drop all ssh
sessions. Good to know I have to kill all sessions by hand if I want to kick
people out... :-/

Anyways, SIGHUP normally is enough to make OpenSSH reread its configuration
file, which makes it safe to use across distros and even platforms but this is
a different story.

Frank.
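The check discussed in this thread, as an added example that is not part of the original messages: a shell function that reports which `PermitRootLogin` value is actually active in the global section of an sshd_config-style file (a commented line does not count), plus a helper that validates the file with `sshd -t` before sending SIGHUP. The function names, the sample file contents and the pid-file argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Models three parsing rules: lines starting with '#' are
# comments, keywords are case-insensitive, and the first active occurrence
# of a keyword wins. Parsing stops at the first Match block, so only the
# global section is inspected.
effective_root_login() {    # $1 = path to an sshd_config-style file
    awk '
        $1 ~ /^#/ { next }                      # commented out: no effect
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == "permitrootlogin" {      # first active value wins
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "unset" }       # compiled-in default applies
    ' "$1"
}

# Validate the file first, then ask the running daemon to reread it.
# A syntax error makes 'sshd -t' fail, so no signal is sent and the
# listener keeps running with its old configuration.
reload_if_valid() {         # $1 = config path, $2 = pid file (hypothetical path)
    sshd -t -f "$1" && kill -HUP "$(cat "$2")"
}

# Constructed sample reproducing the situation in the thread.
demo() {
    cfg=$(mktemp)
    printf '%s\n' '# Authentication:' '#PermitRootLogin no' > "$cfg"
    echo "commented directive   -> $(effective_root_login "$cfg")"
    printf '%s\n' '# Authentication:' 'PermitRootLogin no' > "$cfg"
    echo "uncommented directive -> $(effective_root_login "$cfg")"
    rm -f "$cfg"
}
demo
```

A result of `unset` means the daemon falls back to its built-in default for `PermitRootLogin`, which is why the commented line in the thread changed nothing.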