LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-11-2007, 05:43 AM   #1
TomCruise2002
LQ Newbie
 
Registered: Sep 2002
Posts: 12

Rep: Reputation: 0
Access.conf


I am trying to restrict root access to 2 IP addresses and of course to localhost. All other machines cannot login to the machine through root user.

I am logged into 4 machines:
user0@192.168.1.100
user1@192.168.1.101
user2@192.168.1.102
user3@192.168.1.103

I should only be allowed to type in ssh root@192.168.1.100 from user3@192.168.1.103 and user2@192.168.1.102.

I tried putting this in /etc/security/access.conf:
+ : root : 192.168.1.102 192.168.1.103
- : root : ALL

But I still can't login root@192.168.1.100 from 192.168.1.102 and 192.168.1.103.

1. Are the above 2 lines correct?
2. What should they be if they are wrong.

I am using Redhat Linux 7.3
 
Old 10-11-2007, 05:52 AM   #2
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
I'm on really shakey ground here, but is /etc/security/access.conf even relevant for ssh? I have my specific ssh allowed users, etc in /etc/ssh/sshd_config
 
Old 10-11-2007, 01:20 PM   #3
TomCruise2002
LQ Newbie
 
Registered: Sep 2002
Posts: 12

Original Poster
Rep: Reputation: 0
Can you show me how to configure the sshd_config file.

From user1@192.168.1.101, a bash script logs in root@192.168.1.100 to change file permisions such as owner, group in the latter server.
But audit says you should not log in remotely as root, so I was wondering what the solution should be? From user1@192.168.1.101, perhaps I can log in as user0@192.168.1.100 then I will have to figure how to su - root without entering the password.
 
Old 10-12-2007, 02:48 AM   #4
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324
To avoid remote doing login as root, login as normal user then either:

1. su -
which will take you to root user (need root passwd)
or
2. sudo su -
which will take into root, need your normal user passwd
for this you need to use visudo to setup sudo file first.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Restrict X server access using /etc/security/access.conf anand_kt Linux - General 0 04-22-2005 09:40 AM
can't access /etc/resolv.conf woodland56 Linux - Networking 1 03-06-2005 06:11 PM
how do i modify my smb.conf to allow anyone access ... Lleb_KCir Linux - Software 4 11-27-2004 05:55 PM
how to access and change grub.conf? kamaboko Linux - Newbie 2 04-24-2004 06:37 AM
lilo.conf and grub.conf no read access shanenin Linux - Software 1 10-02-2003 04:53 PM


All times are GMT -5. The time now is 12:27 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration