LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-26-2007, 04:19 AM   #1
Raakh
Member
 
Registered: May 2007
Posts: 128

Rep: Reputation: 15
removing wheel user


I found an article and applied the following steps to secure my dedicated server. Now I can not access directly the root but through a <username>

Now I want to access the root directly. what should I do?

thanks & best regards

add a user with the id <username> to the wheel group:
usermod -G wheel <username>
Edit the PAM configuration file for su, /etc/pam.d/su, in a text editor and remove the comment (#) from the line shown below:
# auth required /lib/security/pam_wheel.so use_uid
So that is looks like this: auth required /lib/security/pam_wheel.so use_uid
Edit the /etc/ssh/sshd_config file with a text editor and find the following line:
#PermitRootLogin yes
Change the yes to no and remove the '#' at the beginning of the line so that it reads:
PermitRootLogin no
• Restart the sshd service:
# service sshd restart
 
Old 12-26-2007, 05:16 AM   #2
colucix
LQ Guru
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,509

Rep: Reputation: 1983Reputation: 1983Reputation: 1983Reputation: 1983Reputation: 1983Reputation: 1983Reputation: 1983Reputation: 1983Reputation: 1983Reputation: 1983Reputation: 1983
Quote:
Originally Posted by Raakh View Post
#PermitRootLogin yes
Change the yes to no and remove the '#' at the beginning of the line so that it reads:
PermitRootLogin no
If you are concerned about security, why should you login as root? You explicitly told ssh to not permit root login. If you don't want this feature enabled, you have to do a step back and reset this flag to "yes". Anyway, I suggest to keep it as you've already set, since root is the only and unique known user to all Unix systems (the first to hit by huge SSH attacks).
 
Old 12-26-2007, 05:22 AM   #3
Raakh
Member
 
Registered: May 2007
Posts: 128

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by colucix View Post
If you are concerned about security, why should you login as root? You explicitly told ssh to not permit root login. If you don't want this feature enabled, you have to do a step back and reset this flag to "yes". Anyway, I suggest to keep it as you've already set, since root is the only and unique known user to all Unix systems (the first to hit by huge SSH attacks).
Thanks for your suggestion
 
Old 12-26-2007, 05:44 AM   #4
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 681Reputation: 681Reputation: 681Reputation: 681Reputation: 681Reputation: 681
If you want to secure ssh, there are several things you can do.
  • Use "AllowUsers" or "AllowGroups" to control who can log in.
  • Use Key exchange only for authentication.
  • Use strong pass phrases when creating the keys.
  • Disable Root logins.
  • Disallow ssh version 1
 
Old 12-29-2007, 11:55 AM   #5
Raakh
Member
 
Registered: May 2007
Posts: 128

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by jschiwal View Post
If you want to secure ssh, there are several things you can do.
  • Use "AllowUsers" or "AllowGroups" to control who can log in.
  • Use Key exchange only for authentication.
  • Use strong pass phrases when creating the keys.
  • Disable Root logins.
  • Disallow ssh version 1

Can you please let me know any docs as I don't know to create the groups, then user and to set permissions for these users

thanks & best regard
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
adding user to wheel group tied2 *BSD 10 09-28-2007 04:22 AM
enabling wheel mouse as unprivilleged user despotic Solaris / OpenSolaris 1 09-18-2004 04:56 PM
removing user accounts disorderly Linux - General 12 09-01-2004 07:57 PM
Removing A User scott.holmes Linux - Software 4 08-04-2004 10:13 AM
removing/deleting a user cuss Linux - General 7 02-27-2003 02:27 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 11:47 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration