LinuxQuestions.org
11-18-2004, 11:13 AM   #1
rshooper
LQ Newbie
 
Registered: Aug 2004
Distribution: Fedora Core 2
Posts: 24

Prevent Root access with SSH


I have heard that you can prevent the root user from gaining access to the system using ssh. How do you do this? Also, if you do this is there a way to add users without logging on as root?
 
11-18-2004, 11:37 AM   #2
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,780
You need to edit your sshd config file. There is an AllowRootLogin directive that you just set to no, save the file and then restart sshd.

As for adding users, there are a couple of ways to do this. First is to log into the system as a normal user, and then use su - to become root. The second way would be to use sudo, which allows normal users to run specific commands with root privileges. Check out the sudo man pages for how to add commands.
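
An added example, not part of the original post: OpenSSH's sshd_config keyword that controls root login is PermitRootLogin, and sshd keeps the first value it reads for a keyword, so a later `no` does not undo an earlier `yes`. The function names and the sample file below are constructed for illustration; Include files and Match blocks are assumed not to matter.

```shell
#!/bin/sh
# Added example (not from the thread): read the root-login setting from an
# sshd_config-style file. Assumptions: Include files and Match blocks are
# not evaluated; parsing stops at the first Match line.

# Print the first PermitRootLogin value in file $1, or "unset" if none.
# sshd keeps the first value it reads for a keyword and treats keyword
# names case-insensitively; "Keyword value" and "Keyword=value" both parse.
effective_root_login() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }                 # drop indentation, re-split
        /^#/ || /^$/ { next }                  # comments and blank lines
        tolower($1) == "match" { exit }        # global section ends here
        tolower($1) == "permitrootlogin" {
            print tolower($2); found = 1; exit # first occurrence wins
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeed only when the file explicitly sets PermitRootLogin to "no".
# "unset" fails on purpose: the built-in default differs between OpenSSH
# versions, so an explicit line is the only thing this check accepts.
root_login_disabled() {
    [ "$(effective_root_login "$1")" = "no" ]
}

# Constructed sample: a later "no" does not override the earlier "yes".
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample sshd_config
Port 22
  permitrootlogin yes
#PermitRootLogin no
PermitRootLogin no
EOF
}
```

On a live host, `sshd -T` (run as root) prints the configuration sshd actually resolves and is the authoritative check.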
 
11-18-2004, 12:13 PM   #3
JaseP
Senior Member
 
Registered: Jun 2002
Location: Eastern PA, USA
Distribution: K/Ubuntu 10.04/12.04, Scientific Linux 6.3, Android-x86, Maemo
Posts: 1,658

Correct me if I'm wrong, but even if you can't ssh as root, you could still ssh as the user and sudo to run with root authority,... right??? In that capacity that person could still nerf your system...
 
11-18-2004, 12:20 PM   #4
bignerd
Member
 
Registered: Nov 2004
Distribution: FC1, Gentoo, Mdk 8.1, RH7-8-9, Knoppix, Zuarus rom 3.13
Posts: 98

Quote:
Originally posted by JaseP
Correct me if I'm wrong, but even if you can't ssh as root, you could still ssh as the user and sudo to run with root authority,... right??? In that capacity that person could still nerf your system...

Most distros support the wheel group. If you enable this on your Linux box then even if the user knows the root password they can't su to it unless in the wheel group.

-b
 
11-18-2004, 01:05 PM   #5
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,780
Quote:
Originally posted by JaseP
Correct me if I'm wrong, but even if you can't ssh as root, you could still ssh as the user and sudo to run with root authority,... right??? In that capacity that person could still nerf your system...

Wrong. The only commands a user can use with sudo are those that root allows them to. The way sudo works is that the user enters sudo command at the prompt. Sudo then looks in the sudoers file to see if that user has permission to use that command. If they can, then they are prompted for their password (or not, depending on how you set it up) and the command runs. However, if they do NOT have permission to run that command (i.e., it isn't in the sudoers file), then the command doesn't run. So in your case, a user could have the ability to add a user through sudo, but couldn't do anything else with root privileges.

Sudo is actually a pretty elegant way to give a user exactly the amount of root authority they need to get the job done and no more.
 
  

