LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 02-28-2008, 01:28 PM   #1
bskrakes
Member
 
Registered: Sep 2006
Location: Canada, Alberta
Distribution: RHEL 4 and up, CentOS 5.x, Fedora Core 5 and up, Ubuntu 8 and up
Posts: 251

Rep: Reputation: 32
Exclamation Disable remote root access but allow local root access-- possible?


Hi there!

So I know how to disable remote root access but am I able to allow local root access (anything on the private internal network)? This way when I am on site at the server I don't have to "su - root" all the time.

Thanks!
 
Old 02-28-2008, 03:36 PM   #2
Deleriux
Member
 
Registered: Nov 2003
Posts: 89

Rep: Reputation: 16
If your using passwords to login you can do this by going to

/etc/security/access.conf

and putting a line such as:-

+ : root : 192.168.1.0/24 (<-- replace with local network here)
- : root : ALL

Then going to sshd and putting the "UsePAM" option to Yes. And set "PasswordAuthentication no".

If your using public keys - well - I dont know a way of doing it then since pam doesnt support pubkey authentication.
 
Old 02-29-2008, 09:32 PM   #3
taylor_venable
Member
 
Registered: Jun 2005
Location: Indiana, USA
Distribution: OpenBSD, Ubuntu
Posts: 892

Rep: Reputation: 41
Quote:
Originally Posted by bskrakes View Post
This way when I am on site at the server I don't have to "su - root" all the time.
I'd recommend using sudo instead, because it (1) leaves an audit trail; (2) doesn't require the root password to use; (3) allows finer-grained control.

But if you want to stop root login over SSH set PermitRootLogin to "no" in your configuration.
 
Old 03-03-2008, 12:15 PM   #4
bskrakes
Member
 
Registered: Sep 2006
Location: Canada, Alberta
Distribution: RHEL 4 and up, CentOS 5.x, Fedora Core 5 and up, Ubuntu 8 and up
Posts: 251

Original Poster
Rep: Reputation: 32
I already have remote root login disabled.

I just need to configure root login for local access only.... It doesn't look like there is any real easy way to set that. I know in some programs you can control this by IP address (grant/deny ip address or by range).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Disable root access... firehydra2k Linux - Newbie 5 03-27-2007 01:19 AM
How to disable root console and remote access. UltraSoul Solaris / OpenSolaris 1 02-09-2007 04:05 AM
Remote Root Access??? dsschanze Linux - Software 2 09-25-2004 06:04 PM
local root can access nis users??? pao Linux - Security 1 07-29-2004 01:06 AM
no access for root on X-server (local) Li... Debian 11 02-16-2004 06:01 PM


All times are GMT -5. The time now is 03:26 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration