LinuxQuestions.org


anon091 09-15-2009 06:34 AM

Prevent certain accounts from being able to SSH to server
 
How can you go about preventing certain user accounts, like root among others, from being able to SSH to a server's CLI? I want to do this for RHEL 5 if that matters.

pwc101 09-15-2009 06:37 AM

To stop root sshing in, make sure the following line is present in /etc/ssh/sshd_config:
Code:

PermitRootLogin no

To explicitly include or exclude users, see the DenyUsers and AllowUsers directives in the man page (man sshd_config).
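
The directives named in the post above, checked offline against a config file. This is an added example, not part of the original thread; the function names and the sample config are constructed for illustration. It assumes whitespace-separated "Keyword value" lines, reads only the global section (before the first Match line), and does not evaluate host-qualified deny patterns or "!" negation.

```shell
#!/bin/sh
# Added example: report which accounts an sshd_config refuses, without touching sshd.
# Function names are hypothetical; only the global section (before Match) is read.

# Print every argument of KEYWORD in the global section, one per line.
directive_args() {  # FILE KEYWORD
    awk -v kw="$2" '
        /^[ \t]*#/ || NF == 0 { next }            # comments and blank lines
        tolower($1) == "match" { exit }           # conditional blocks start here
        tolower($1) == tolower(kw) { for (i = 2; i <= NF; i++) print $i }
    ' "$1"
}

# sshd keeps the first value it reads for this keyword; later duplicates are ignored.
effective_root_login() {  # FILE -> first PermitRootLogin value, or "unset"
    v=$(directive_args "$1" PermitRootLogin | head -n 1)
    echo "${v:-unset}"
}

# Exit 0 if the config refuses USER from every client host, 1 otherwise.
ssh_login_blocked() (  # FILE USER (body runs in a subshell so set -f stays local)
    set -f                                        # patterns must not glob filenames
    [ "$2" = root ] && [ "$(effective_root_login "$1")" = no ] && exit 0
    for pat in $(directive_args "$1" DenyUsers); do
        case $pat in *@*) continue ;; esac        # USER@HOST depends on the client
        case $2 in $pat) exit 0 ;; esac
    done
    allow=$(directive_args "$1" AllowUsers)
    [ -z "$allow" ] && exit 1                     # no allow-list: nothing else blocks
    for pat in $allow; do
        case $2 in ${pat%@*}) exit 1 ;; esac      # listed, possibly host-restricted
    done
    exit 0                                        # allow-list exists, USER not on it
)

# Constructed sample config (not taken from the thread).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed sample
Protocol 2
PermitRootLogin no
PermitRootLogin yes
DenyUsers guest test*
denyusers backup@10.0.0.5
EOF
for u in root guest tester backup alice; do
    if ssh_login_blocked "$SAMPLE" "$u"; then echo "$u: blocked"; else echo "$u: allowed"; fi
done
```

After editing the real file, `sshd -t` checks the configuration for syntax errors before you restart the daemon, and keeping an existing session open until a new login succeeds avoids locking yourself out.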

anon091 09-15-2009 06:39 AM

Thanks! I will check it out. If that line isn't there, do I just vi that file to add it? Then do I restart sshd (however you do that)?

pwc101 09-15-2009 06:42 AM

Quote:

Originally Posted by rjo98 (Post 3683452)
Thanks! I will check it out. If that line isn't there, do I just vi that file to add it?

Yes.
Quote:

Originally Posted by rjo98 (Post 3683452)
Then do I restart sshd (however you do that)?

You need to restart sshd. If you're using a Red Hat based system, I believe the syntax to restart sshd is:
Code:

/etc/init.d/sshd restart

To be run as root, obviously.

anon091 09-15-2009 06:44 AM

Awesome. Many thanks pwc.

pwc101 09-15-2009 06:52 AM

No problem :)

You might also be interested in the Sticky post on securing sshd here at LQ: http://www.linuxquestions.org/questi...tempts-340366/. unSpawn has also collated some links in this post http://www.linuxquestions.org/questi...54#post2122954 - see the section on SSH at the bottom for the links.

nagendrar 09-15-2009 07:01 AM

You can prevent certain IPs in the following way:

Add a line like "ALL: *.* " in the /etc/hosts.deny file.
Add a line like "ALL: <IPAddr>" in the /etc/hosts.allow file.

--> It won't allow any IPs except the <IPAddr> entries that are in the /etc/hosts.allow file.

ThanQ,
Nagendra R.

schneidz 09-15-2009 07:54 AM

The correct way to restart services in Red Hat, Fedora, CentOS is by using the service command:
Code:

sudo /sbin/service sshd restart
man service


anon091 09-15-2009 08:01 AM

So what is wrong with doing it like /etc/init.d/sshd restart?

I'm very new to Linux and RHEL, but the few people I've watched do stuff, they always do it like /etc/init.d/sshd restart, or stop then start.

lutusp 09-15-2009 04:17 PM

Quote:

Originally Posted by rjo98 (Post 3683555)
So what is wrong with doing it like /etc/init.d/sshd restart?

Nothing whatever -- these are almost exactly the same:

Code:

# /etc/init.d/(service) (command)

-- and --

Code:

# service (service) (command)

The "service" command just provides a little shorthand, and if you move between distributions a lot, it's easier to remember the first way of doing it above.

"service" on Fedora/Red Hat is just a Bash script that holds the user's hand a little bit. To read it:

Code:

# cat /sbin/service

This is one of those annoying differences between distributions that can only stand in the way of wider Linux adoption.

anon091 09-15-2009 05:29 PM

Thanks. Yeah, that does make it confusing for it to only be in certain distros. If a few of the distros would suck it up and merge, they might be on to something. Nothing like having 12 ways to do one thing, especially for someone new haha.


All times are GMT -5.