LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-09-2009, 05:08 PM   #1
smadcom
LQ Newbie
 
Registered: Jul 2009
Posts: 6

Rep: Reputation: 0
Stupid Newbie - I disabled root - HELP!


OK, this has got to be one of the dumbest mistakes ever made... in an attempt to secure my Centos 5.3 server I brilliantly go into it and turn off root access by editing /etc/ssh/sshd_config "PermitRootLogin no" restart sshd - cool no root access! EXCEPT,

I thought I had created another user and given him root access. WELL, as far as I can tell there is no root, no sudo, no _power_ over anything now!? I cannot login as "root" or "username". I have a cPanel user with access to his owned files, but no su privileges.

Is there a way to revert to a backup of the ssh_config file? Or something? MAN, did I hose this thing or what?

On the upside, it's a whole lot harder for a hacker right?
 
Old 07-09-2009, 05:22 PM   #2
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,090

Rep: Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474
boot up with the install dvd in rescue mode and fix it using "nano" editor
or I use "SystemRescueCD "
http://www.sysresccd.org/Main_Page

to fix my mistakes .You can also use a knoppix livd cd to fix it
 
Old 07-09-2009, 05:36 PM   #3
smadcom
LQ Newbie
 
Registered: Jul 2009
Posts: 6

Original Poster
Rep: Reputation: 0
Yeah, that is EXCELLENT advice, trouble is the server is in a data center 200 miles away... remote hands would cost me some $$$!

But that is probably what I will have to do. Any other ideas?
 
Old 07-09-2009, 06:42 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,353
Blog Entries: 55

Rep: Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541
Quote:
Originally Posted by smadcom View Post
Is there a way to revert to a backup of the ssh_config file? Or something?
If there's no way to restore backups or remove then reinstall the OpenSSH RPM from your panel then you're kind of SOL, yes.


Quote:
Originally Posted by smadcom View Post
On the upside, it's a whole lot harder for a hacker right?
No. That depends on what else you also run...
 
Old 07-09-2009, 07:15 PM   #5
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , RHEL
Posts: 1,977
Blog Entries: 1

Rep: Reputation: 209Reputation: 209Reputation: 209
Quote:
Originally Posted by smadcom View Post
Yeah, that is EXCELLENT advice, trouble is the server is in a data center 200 miles away... remote hands would cost me some $$$!

But that is probably what I will have to do. Any other ideas?
Can you get into a sort of a "lights out management"? If so you can boot into single user mode and reset the root password.
 
Old 07-09-2009, 07:30 PM   #6
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,090

Rep: Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474
from ssh after you login as 'user' can you still ' su -'
or sudo a small script to change 'no ' back to 'yes'

there should be a file called " /etc/ssh/sshd_config~ " with the " ~ " at the end
that is the auto backup file

something like
Code:
su -
cd  /etc/ssh/
mv sshd_config~ sshd_config
 
Old 07-10-2009, 05:25 AM   #7
smadcom
LQ Newbie
 
Registered: Jul 2009
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by John VV View Post
from ssh after you login as 'user' can you still ' su -'
or sudo a small script to change 'no ' back to 'yes'
I cannot su - "permission is denied" or sudo

Quote:
Originally Posted by John VV View Post
there should be a file called " /etc/ssh/sshd_config~ " with the " ~ " at the end
that is the auto backup file
No but there is a file called sshd_config.save
When I open it, I just get a new buffer.
I cannot do anything in any directory except /home/cpaneluser.

Quote:
Originally Posted by John VV View Post
something like
Code:
su -
cd  /etc/ssh/
mv sshd_config~ sshd_config
Thanks, all... this is looking pretty hopeless!
 
Old 07-10-2009, 05:38 AM   #8
jeromeNP7
Member
 
Registered: Jun 2009
Posts: 101

Rep: Reputation: 19
If you have any backups made via your CPanel, then you can restore your home directory and everything that goes with to a state before your light-hearted changes. Such mistakes usually cost $$$$, so be prepared to hire someone at the server's location to correct the mistake, if no backup tarball is available.

Linux

Last edited by jeromeNP7; 09-04-2009 at 09:24 PM.
 
Old 07-10-2009, 06:05 AM   #9
smadcom
LQ Newbie
 
Registered: Jul 2009
Posts: 6

Original Poster
Rep: Reputation: 0
Thanks for the spanking.

Mistakes is how we learn, and education does cost!

I don't want to restore the home directory, all domains would be reverted... not fair to make others pay for said education.

Like I say... I created another user with root access, I figured I would use him instead of "root" when logging in to do operations requiring the access level. Where did my plan go wrong?

I hit this wall:
Quote:
sudo: must be setuid root
 
Old 07-10-2009, 07:50 AM   #10
smadcom
LQ Newbie
 
Registered: Jul 2009
Posts: 6

Original Poster
Rep: Reputation: 0
Well, it turns out I'm not as stupid as I thought... OR STUPIDER! (if that's a word?)

I actually accomplished what I set out to do: login is only possible as my super secret user, using a strong password.
This user is crippled to only his files.
Then su CAN be accomplished as root with an even stronger/longer password.

Therefore, I have added an extra layer of protection to root access. That was my intention and it works.

THANKS to all for holding this newbie's hand... like I said it's an educational process!!!
 
Old 07-10-2009, 08:00 AM   #11
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,353
Blog Entries: 55

Rep: Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541
Not if "Like I say... I created another user with root access" means you created another user with UID = 0.
 
Old 07-10-2009, 02:00 PM   #12
smadcom
LQ Newbie
 
Registered: Jul 2009
Posts: 6

Original Poster
Rep: Reputation: 0
No - killed that user. It's actually a user created with cPanel with shell access. cPanel can create users with su powers... that's what saved the day. Sorry if I am not being too clear, can't say I have a good handle on it myself, but it works. The only actual user with UID=0 is root, but root cannot login directly.

Make sense?
 
Old 07-11-2009, 05:32 PM   #13
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,353
Blog Entries: 55

Rep: Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541
Definately. If you would like to a second opinion on or discuss system hardening & security (after you've recuperated from your own shock 'n awe campaign ;-p) have a look at the Linux Security forum.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Root and all user accounts disabled mht17 Linux - Newbie 3 05-10-2011 06:23 PM
Root Account Disabled (not smart) Can not root LOGIN mitchellray Slackware 12 06-30-2009 12:52 PM
Problem: Root enabled, sudo disabled Conjurer Ubuntu 4 01-15-2006 12:55 AM
URGENT (server down) : All account disabled ! (and also root) jmcollin92 Mandriva 2 01-10-2006 03:57 PM
Probably a stupid newbie q tiredoflogins Linux - Security 4 07-29-2005 05:22 AM


All times are GMT -5. The time now is 03:01 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration