LinuxQuestions.org
09-25-2003, 09:46 AM   #1
zovres
Member
 
Registered: Sep 2002
Posts: 184

Rep: Reputation: 30
ssh access allowed only to root user?


I know I can give ssh permission to a specific IP or range of IPs, but is it possible to give it to a specific user?

In my case I would like only root to be able to connect via ssh

thx
 
09-25-2003, 10:21 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,944
Blog Entries: 54

Rep: Reputation: 2731
Yes you can (man sshd_config, see the AllowUsers/AllowGroups directive), and no you must not do that: use an unprivileged login to get to the box and then use sudo to su to the root account.
 
09-25-2003, 10:43 AM   #3
zovres
Member
 
Registered: Sep 2002
Posts: 184

Original Poster
Rep: Reputation: 30
man sshd_config, great thx

why shouldn't I do that? I mean, usually I ssh to config my computer so I do it using root.
oh I get it, it will transfer the root password via the internet....
ok I'll allow my user then... but if I su to root I will be required to enter the password anyway, so what is the difference?

great advice thx unSpawn
 
09-25-2003, 12:28 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,944
Blog Entries: 54

Rep: Reputation: 2731
Quote: "oh I get it, it will transfer the root password via the internet."
Yes, but sniffing sshv2 isn't "trivial", it is just best practice to never let root do anything directly on a remote box.

Quote: "but if I su to root I will be required to enter the password anyway"
That's why I said "use sudo to su to the root account" because then you can use the user's password instead. If you only need to do a few things as root then it's also best to set up commands for that in sudo, else if you really need a root shell, make sure you export a reasonable timeout for the shell. And I don't have to tell you about good vs bad passwds, do I? :-]
 
09-25-2003, 01:09 PM   #5
zovres
Member
 
Registered: Sep 2002
Posts: 184

Original Poster
Rep: Reputation: 30
hey thx man that makes complete sense

always good to have security tips like these
 
09-25-2003, 04:19 PM   #6
fatgod
Member
 
Registered: Mar 2002
Location: Edinburgh, Scotland
Distribution: Suse 7.2, Gentoo 1.4, Solaris 9
Posts: 661

Rep: Reputation: 30
Dude, you should know, you probably already do but hey, ssh encrypts all traffic involved in the connection before it asks for the password. And if you really want security, check out RSA or DSA key authentication. It rocks: no more passwords transferred at all, just "ssh remotehost" and you're given a prompt on the box. Great stuff.

It's explained in full, like only IBM know how here...

http://www-106.ibm.com/developerwork...ry/l-keyc.html
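
An added example, not part of any post in this thread: a small Python audit of an sshd_config for the points raised above (direct root login, the AllowUsers list, password versus key authentication). The two sample configs and the account name alice are constructed; only the global section is read, and `!` negation in AllowUsers patterns is not handled.

```python
import fnmatch
import re

# Constructed sample configs (not from the thread): what the original poster
# asked for, and what the replies recommend instead.
ROOT_ONLY = """\
# only root may log in
AllowUsers root
PermitRootLogin yes
"""
RECOMMENDED = """\
# unprivileged login, then sudo; keys instead of passwords
PermitRootLogin no
AllowUsers alice
PasswordAuthentication no
"""

def parse_global(text):
    """Return (single, allow): first-value-wins settings and the merged AllowUsers list."""
    single, allow = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "match":          # simplification: audit the global section only
            break
        if key == "allowusers":     # AllowUsers lines accumulate
            allow.extend(value.split())
        else:
            single.setdefault(key, value.strip())  # sshd uses the first value it reads
    return single, allow

def audit(text):
    """Return a list of findings for the points raised in the thread."""
    single, allow = parse_global(text)
    findings = []
    prl = single.get("permitrootlogin")
    if prl is None:
        findings.append("PermitRootLogin not set; the default depends on the OpenSSH version")
    elif prl.lower() != "no":
        findings.append(f"PermitRootLogin is '{prl}'; root can log in directly")
    # USER@HOST entries: compare only the user part against "root"
    if any(fnmatch.fnmatchcase("root", entry.split("@", 1)[0]) for entry in allow):
        findings.append("AllowUsers admits root")
    if not allow:
        findings.append("AllowUsers not set")
    if single.get("passwordauthentication", "").lower() != "no":
        findings.append("PasswordAuthentication is not 'no'; passwords are still accepted")
    return findings
```

On a live host, `sshd -T` prints the effective configuration, which is a better input for a check like this than the raw file.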
 
  

