Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
09-15-2009, 06:34 AM
|
#1
|
Senior Member
Registered: Jun 2009
Posts: 1,795
Rep:
|
Prevent certain accounts from being able to SSH to server
How can you go about preventing certain user accounts, like root among others, from being able to SSH to a server's CLI? I want to do this for RHEL 5 if that matters.
Last edited by anon091; 09-15-2009 at 06:35 AM.
|
|
|
09-15-2009, 06:37 AM
|
#2
|
Senior Member
Registered: Oct 2005
Location: UK
Distribution: Slackware
Posts: 1,847
Rep:
|
To stop root sshing in, make sure the following line is present in /etc/ssh/sshd_config: To explicitly include or exclude users, see the DenyUsers and AllowUsers directives in the man page (man sshd_config).
|
|
|
09-15-2009, 06:39 AM
|
#3
|
Senior Member
Registered: Jun 2009
Posts: 1,795
Original Poster
Rep:
|
Thanks! I will check it out. If that line isn't there, do I just vi that file to add it? then do i restart sshd (however you do that)?
|
|
|
09-15-2009, 06:42 AM
|
#4
|
Senior Member
Registered: Oct 2005
Location: UK
Distribution: Slackware
Posts: 1,847
Rep:
|
Quote:
Originally Posted by rjo98
Thanks! I will check it out. If that line isn't there, do I just vi that file to add it?
|
Yes.
Quote:
Originally Posted by rjo98
then do i restart sshd (however you do that)?
|
You need to restart sshd. If you're using a Red Hat based system, I believe the syntax to restart sshd is:
Code:
/etc/init.d/sshd restart
To be run as root, obviously.
|
|
|
09-15-2009, 06:44 AM
|
#5
|
Senior Member
Registered: Jun 2009
Posts: 1,795
Original Poster
Rep:
|
Awesome. Many thanks pwc.
|
|
|
09-15-2009, 07:01 AM
|
#7
|
Member
Registered: Apr 2008
Location: HYD, INDIA.
Posts: 154
Rep:
|
You can prevent certain IP's following way:
add line like "ALL: *.* " in /etc/hosts.deny file.
add line like "ALL: <IPAddr>" in /etc/hosts.allow file
--> It won't allow all IP's except <IPAddr> which are in /etc/hosts.allow file.
ThanQ,
Nagendra R.
|
|
|
09-15-2009, 07:54 AM
|
#8
|
LQ Guru
Registered: May 2005
Location: boston, usa
Distribution: fedora-35
Posts: 5,325
|
the correct way to restart services in redhat, fedora, centos is by using the service command
Code:
sudo /sbin/service sshd restart
man service
|
|
|
09-15-2009, 08:01 AM
|
#9
|
Senior Member
Registered: Jun 2009
Posts: 1,795
Original Poster
Rep:
|
So what is wrong with doing it like /etc/init.d/sshd restart?
I'm very new to Linux and RHEL, but the few people i've watched do stuff, they always do it like /etc/init.d/sshd restart, or stop then start.
|
|
|
09-15-2009, 04:17 PM
|
#10
|
Member
Registered: Sep 2009
Distribution: Fedora
Posts: 835
Rep:
|
Quote:
Originally Posted by rjo98
So what is wrong with doing it like /etc/init.d/sshd restart?
|
Nothing whatever -- these are almost exactly the same:
Code:
# /etc/init.d/(service) (command)
-- and --
Code:
# service (service) (command)
The "service" command just provides a little shorthand, and if you move between distributions a lot, it's easier to remember the first way of doing it above.
"service" on Fedora/red Hat is just a Bash script that holds the user's hand a little bit. To read it:
Code:
# cat /sbin/service
This is one of those annoying differences between distributions that can only stand in the way of wider Linux adoption.
|
|
|
09-15-2009, 05:29 PM
|
#11
|
Senior Member
Registered: Jun 2009
Posts: 1,795
Original Poster
Rep:
|
Thanks. Yeah, that does make it confusing for it to only be in certain distros. If a few of the distros would suck it up and merge, they might be on to something. Nothing like having 12 ways to do one thing, especially for someone new haha.
|
|
|
All times are GMT -5. The time now is 04:01 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|