Prevent certain accounts from being able to SSH to server
How can you go about preventing certain user accounts, like root among others, from being able to SSH to a server's CLI? I want to do this for RHEL 5 if that matters.
|
To stop root sshing in, make sure the following line is present in /etc/ssh/sshd_config:
Code:
PermitRootLogin no |
Thanks! I will check it out. If that line isn't there, do I just vi that file to add it? then do i restart sshd (however you do that)?
|
Quote:
Quote:
Code:
/etc/init.d/sshd restart |
Awesome. Many thanks pwc.
|
No problem :)
You might also be interested in the Sticky post on securing sshd here at LQ: http://www.linuxquestions.org/questi...tempts-340366/. unSpawn has also collated some links in this post http://www.linuxquestions.org/questi...54#post2122954 - see the section on SSH at the bottom for the links. |
You can prevent certain IP's following way:
add line like "ALL: *.* " in /etc/hosts.deny file. add line like "ALL: <IPAddr>" in /etc/hosts.allow file --> It won't allow all IP's except <IPAddr> which are in /etc/hosts.allow file. ThanQ, Nagendra R. |
the correct way to restart services in redhat, fedora, centos is by using the service command
Code:
sudo /sbin/service sshd restart |
So what is wrong with doing it like /etc/init.d/sshd restart?
I'm very new to Linux and RHEL, but the few people i've watched do stuff, they always do it like /etc/init.d/sshd restart, or stop then start. |
Quote:
Code:
# /etc/init.d/(service) (command) Code:
# service (service) (command) "service" on Fedora/red Hat is just a Bash script that holds the user's hand a little bit. To read it: Code:
# cat /sbin/service |
Thanks. Yeah, that does make it confusing for it to only be in certain distros. If a few of the distros would suck it up and merge, they might be on to something. Nothing like having 12 ways to do one thing, especially for someone new haha.
|
All times are GMT -5. The time now is 03:31 PM. |