LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
LinkBack Search this Thread
Old 04-01-2005, 08:16 PM   #1
Thaidog
Member
 
Registered: Sep 2002
Location: Hilton Head, SC
Distribution: Gentoo
Posts: 616

Rep: Reputation: 32
Question How do you deny root logins with ssh?


What do I need to configure to deny root logins with ssh?
 
Old 04-01-2005, 08:58 PM   #2
mjmwired
Member
 
Registered: Apr 2004
Distribution: CentOS6, CentOS5, F16, F15, Ubuntu, OpenSuse
Posts: 620

Rep: Reputation: 39
Not sure if this applies to all distributions.

Look in /etc/ssh/sshd_config
Look for line: PermitRootLogin

(my mistake, I accidentally wrote /etc/ssh_config)

Last edited by mjmwired; 04-02-2005 at 11:54 AM.
 
Old 04-01-2005, 10:32 PM   #3
Thaidog
Member
 
Registered: Sep 2002
Location: Hilton Head, SC
Distribution: Gentoo
Posts: 616

Original Poster
Rep: Reputation: 32
Thanks... I've got a G4 as you can see from this cat'd file below... there is no line like that... can I add something?

haidogs-G4:/etc tylerm$ cat ssh_config
# $OpenBSD: ssh_config,v 1.16 2002/07/03 14:21:05 markus Exp $

# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for various options

# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsAuthentication no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# BatchMode no
# CheckHostIP yes
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
# Protocol 2,1
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
 
Old 04-02-2005, 02:05 AM   #4
Ben2210
Member
 
Registered: Feb 2004
Location: Toronto
Distribution: Arch
Posts: 146

Rep: Reputation: 16
It's not in ssh_config, it's in sshd_config.

On my system, the full path is /etc/ssh/sshd_config
 
Old 04-02-2005, 02:37 AM   #5
Thaidog
Member
 
Registered: Sep 2002
Location: Hilton Head, SC
Distribution: Gentoo
Posts: 616

Original Poster
Rep: Reputation: 32
Ok removed the # and put no.... thanks for the help!
 
Old 03-01-2006, 04:36 PM   #6
narmida
Member
 
Registered: Mar 2005
Location: Alphen aan den Rijn , netherlands
Distribution: core
Posts: 57

Rep: Reputation: 15
Other question: if u make a new user with password then it automaticly may login thru SSH.
if you installed the server a year ago you never remeber what to do.
so think a bit further with security :

permitroot must be always off
ssh version should always be 2 version 1 is a telnet like crap so u can sniff the passwords

and las but not least :

AllowUsers itsme andme

With this u say that only users itsme andme may login so if permit root is yes and allowusers is only a user root wont get in ;-)

if someone hacks half youre server and want to login with his account he CANT

this is why the most crappers bring their own ssh ;-)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh: deny all users, except one hamish Linux - Security 13 09-07-2008 07:58 PM
how to deny ssh for ip range? maginotjr Slackware 11 11-01-2005 07:01 AM
How do i monitor SSH logins? gtwilliams Linux - Security 5 06-08-2005 10:43 PM
deny ip address with ssh DaWallace Slackware 16 05-31-2005 08:40 PM
Disabling the chroot in proftpd and enabling root logins on ssh/proftpd jon_k Linux - Software 1 06-16-2004 10:27 AM


All times are GMT -5. The time now is 12:34 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration