LinuxQuestions.org
Old 10-05-2005, 01:08 PM   #1
mattp
Member
 
Registered: Mar 2004
Location: Chicago, USA
Distribution: Slackware 10.2
Posts: 368

Rep: Reputation: 30
Weird happenings when securing SSH


I am trying to configure my SSH (on my slack 10.2 box) to deny login from ROOT and to allow login only from user "phonehome"

Here are the relevant lines I have in my /etc/ssh/sshd_config:

PermitRootLogin no
AllowUsers phonehome

Why can I still login from root?

I have tried killing the SSHD process with no luck. What am I doing wrong?
 
Old 10-05-2005, 02:13 PM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, FreeBSD
Posts: 3,925
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
I have tried killing the SSHD process with no luck. What am I doing wrong?
So I take it you have not restarted sshd? After changing sshd_config you will need to.

The SuSE way is
Code:
sshd restart
or
Code:
/etc/init.d/sshd restart
The FreeBSD way (that I use anyway) is issuing a kill to sshd and then starting it again.

One of these should work on slackware (although your sshd script path will probably differ). So you can tinker some more or wait for a slackware expert to see this.
 
Old 10-05-2005, 02:15 PM   #3
mattp
No, actually I did restart it. I did a "kill [proc id]". It restarted on its own and still didn't work.

I am issuing all of these commands from work over the SSH if that makes any difference.
 
Old 10-05-2005, 02:35 PM   #4
anomie
Quote:
Why can I still login from root?
Just to be sure I'm really understanding this question, are you using
Code:
ssh root@host_name
and it is still working? Or are you logging in via ssh as another user and then su-ing to root?
 
Old 10-05-2005, 02:36 PM   #5
mattp
I am using PUTTY from winxp. I ssh to my IP, it says LOGIN: I type root then the PW when it asks and BANG- I'm in.
 
Old 10-05-2005, 02:42 PM   #6
anomie
Totally strange. All I can think of is 1) sshd was not really restarted; or 2) the 'PermitRootLogin no' is not being parsed by the sshd script correctly because of an extra character or something.

Very curious to see the resolution for this one....
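
One way to check the "extra character" possibility raised in this post, as an added example that is not part of the thread: the script reports the first uncommented value of a keyword (sshd uses the first value it obtains for each keyword) and flags lines containing bytes outside printable ASCII. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# write_sample FILE: constructed sshd_config fragment. Line 2 carries a
# non-breaking space (bytes \302\240) between the keyword and its value.
write_sample() {
    printf '#PermitRootLogin no\nPermitRootLogin\302\240no\nPermitRootLogin yes\nPermitRootLogin no\nAllowUsers phonehome\n' > "$1"
}

# effective_value FILE KEYWORD: print the first uncommented value of KEYWORD
# in the global section. sshd keeps the first value it obtains for a keyword,
# and keywords are case-insensitive. Prints nothing if the keyword is unset.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        tolower($1) == "match" { exit }         # stop at the first Match block
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# suspect_lines FILE: print the numbers of lines containing any byte outside
# printable ASCII and tab (carriage returns, pasted non-breaking spaces, ...).
suspect_lines() {
    LC_ALL=C awk '/[^ -~\t]/ { print NR }' "$1"
}

cfg=$(mktemp)
write_sample "$cfg"
echo "PermitRootLogin: $(effective_value "$cfg" PermitRootLogin)"
echo "AllowUsers:      $(effective_value "$cfg" AllowUsers)"
echo "suspect lines:   $(suspect_lines "$cfg")"
rm -f "$cfg"
```

Pointed at /etc/ssh/sshd_config, an empty result for a keyword means no uncommented line sets it, so sshd falls back to its built-in default.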
 
Old 10-05-2005, 04:47 PM   #7
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,769
Blog Entries: 1

Rep: Reputation: 410
Quote:
Originally posted by mattp
No, actually I did restart it. I did a "kill [proc id]". It restarted on its own and still didn't work.

I am issuing all of these commands from work over the SSH if that makes any difference.
The first bit doesn't make any sense. Unless you rebooted, Slack isn't going to restart a daemon on its own. Try running /etc/rc.d/rc.sshd restart and see if that causes sshd to pick up the new setting.
 
Old 10-05-2005, 05:30 PM   #8
mattp
Well, I was doing all of this editing thru SSH. I did Kill [Proc ID], and my connection was terminated. I tried logging in again as root and was successful. I did ps -e and sshd had a new proc id. I suppose this means that SSHD was restarted.

I guess I will have to physically look at the box when I get home.
 
Old 10-06-2005, 07:10 AM   #9
Hangdog42
I'm guessing here, but I bet that you just killed the ssh session you were using at the time, not the ssh daemon. If you had actually killed sshd with kill, you absolutely shouldn't have been able to reconnect via ssh unless you've got some other program monitoring sshd and starting it up again if it dies.

By the way, if you use the restart command in my previous post, it actually will maintain the ssh connections in use. The way you did it, you would need physical access to the machine to restart sshd.
 
Old 10-06-2005, 07:27 AM   #10
mattp
Oh cool! I will try again from SSH in a little bit!
 
Old 10-06-2005, 09:41 AM   #11
mattp
Somehow I locked myself completely out of SSH. I need to get on the box physically and reconfig sshd_config to allow my user!
 
Old 10-06-2005, 11:26 PM   #12
mattp
Okay, I recommented out AllowRootLogins no just to see if I can get the SSHD config to take changes when I use them. I restarted SSHD by doing:

rc.sshd stop
rc.sshd restart

and it still denies all users (root included)

Then I did

rc.sshd stop
rc.sshd start

Same thing. How do I get SSHD to take my changes!!!!??
 
Old 10-07-2005, 05:26 AM   #13
|2ainman
Member
 
Registered: Mar 2004
Distribution: Slackware current, DSL 0.9.2
Posts: 133

Rep: Reputation: 15
Hangdog is right. Also ...
from sshd manpage:
sshd rereads its configuration file when it receives a hangup signal,
SIGHUP, by executing itself with the name and options it was started
with, e.g., /usr/sbin/sshd.

You could also edit your rc.sshd under the sshd_start function and add the -d parameter for debugging output
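
The distinction drawn in posts #9 and #13, between the listening sshd daemon and the per-session sshd processes, shown as an added example that is not part of the thread: it picks the daemon out of `ps` output and reloads it with SIGHUP only after the config passes `sshd -t`. The function names and the sample process listing are constructed; the /usr/sbin/sshd path is the one in the manpage excerpt above.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# sample_ps: constructed output in the format of `ps -eo pid,ppid,args`,
# with one daemon (1432) and two logged-in sessions.
sample_ps() {
    cat <<'EOF'
  PID  PPID COMMAND
    1     0 init [3]
 1432     1 /usr/sbin/sshd
 2710  1432 sshd: root@pts/0
 2711  2710 -bash
 2790  1432 sshd: phonehome [priv]
 2792  2790 sshd: phonehome@pts/1
EOF
}

# sshd_master_pids: read `ps -eo pid,ppid,args` on stdin and print the PID of
# every sshd process whose parent is not itself sshd. Session processes are
# children of the daemon, so killing one of them only drops that login.
sshd_master_pids() {
    awk '
        $3 == "sshd:" || $3 == "sshd" || $3 ~ /\/sshd$/ { is_sshd[$1] = 1; parent[$1] = $2 }
        END { for (p in is_sshd) if (!(parent[p] in is_sshd)) print p }
    '
}

# reload_sshd: validate the config, then send SIGHUP to the daemon so it
# rereads sshd_config. Existing sessions are separate children and stay up.
reload_sshd() {
    pids=$(ps -eo pid,ppid,args | sshd_master_pids)
    [ -n "$pids" ] && [ "$(printf '%s\n' "$pids" | wc -l)" -eq 1 ] || return 1
    /usr/sbin/sshd -t || return 1    # do not reload a config that fails to parse
    kill -HUP "$pids"
}

# Demonstration on the constructed listing only; reload_sshd is not called here.
sample_ps | sshd_master_pids
```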
 
Old 10-07-2005, 07:00 AM   #14
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,769
Blog Entries: 1

Rep: Reputation: 410Reputation: 410Reputation: 410Reputation: 410Reputation: 410
If ssh is no longer allowing anyone in, you're going to have to dig through your logs (/var/log/messages and /var/log/syslog) to find some clues as to why. Even without the -d flag, ssh usually leaves some clue as to what is happening.
 
  


All times are GMT -5.
