LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-09-2009, 05:33 PM   #1
DrStrangepork
LQ Newbie
 
Registered: Aug 2009
Posts: 22

Rep: Reputation: 15
SSHD config for root


I have a need to SSH into localhost as root to execute a command. I want to do this without allowing root to SSH in from external hosts. Is this possible?
 
Old 10-09-2009, 05:35 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974
[ugh, I'm an idiot.]

Last edited by acid_kewpie; 10-10-2009 at 02:38 AM.
 
Old 10-09-2009, 05:55 PM   #3
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
I'm not familiar with Symbian, but you could accomplish this a couple different ways on RH-family distros.

The easiest of those (IMO) would be using the pam_access(8) facility. Add the following lines to /etc/security/access.conf:
Code:
+ : root : 127.0.0.1
+ : root : LOCAL
- : root : ALL
YMMV per distro.
 
Old 10-10-2009, 08:18 AM   #4
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 416Reputation: 416Reputation: 416Reputation: 416Reputation: 416
Quote:
Originally Posted by DrStrangepork View Post
I have a need to SSH into localhost as root to execute a command. I want to do this without allowing root to SSH in from external hosts. Is this possible?
This is exactly the kind of situation sudo was built for. Put the command into the sudoers file using visudo and give your normal user permission to run it. Then when you SSH in as your normal user, you just use sudo to run the command as root.
 
Old 10-12-2009, 05:52 PM   #5
DrStrangepork
LQ Newbie
 
Registered: Aug 2009
Posts: 22

Original Poster
Rep: Reputation: 15
The sudo option is not working. You can read more on that here.

I am going to attempt the /etc/security/access.conf option and let you know what happens.
 
Old 10-12-2009, 06:02 PM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974
"not working" and "not configured properly" really aren't the same thing ;-)

sudo is the right way to do this, whether you're used to configuring /etc/sudoers or not.
 
Old 10-13-2009, 09:42 AM   #7
DrStrangepork
LQ Newbie
 
Registered: Aug 2009
Posts: 22

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by acid_kewpie View Post
"not working" and "not configured properly" really aren't the same thing ;-)

sudo is the right way to do this, whether you're used to configuring /etc/sudoers or not.
Feel free to comment on the post I referenced above then. I have made my sudoers config as open as possible to my nagios account, and I still get prompted for a login password.

------

I modified the access.conf file, and I am able to login locally as root. Thanks.
 
Old 10-13-2009, 08:28 PM   #8
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,258

Rep: Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328
Actually, you could have just used the ListenAddress option http://linux.die.net/man/5/sshd_config to only allow 127.0.0.1 .
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Starting sshd: /etc/init.d/sshd: line 113: /usr/sbin/sshd: Permission denied sumanc Linux - Server 5 03-28-2008 05:59 AM
Installed Freenx. Changed sshd config. Can't ssh root. CrewXp Linux - Software 1 08-13-2007 05:52 AM
sshd config ryancoolest Linux - Networking 9 07-07-2006 05:26 PM
sshd config saavik Linux - Security 2 09-21-2005 03:17 AM
SSHD config question Setheck Linux - Software 4 09-18-2005 09:44 AM


All times are GMT -5. The time now is 08:50 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration