LinuxQuestions.org
05-26-2011, 06:47 AM   #1
ust
Senior Member
 
Registered: Mar 2003
Location: fasdf
Distribution: Debian / Suse /RHEL
Posts: 1,130

Rep: Reputation: 30
Restrict user login


I use an RH server. Can you advise: if I want to restrict the root user so that it cannot log in directly to the system (e.g. "ssh -l root IP_address"), what can I do?

Thanks.
 
05-26-2011, 06:49 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1976
Set PermitRootLogin to no in /etc/ssh/sshd_config and restart ssh.
 
05-26-2011, 12:08 PM   #3
ust
Senior Member
 
Registered: Mar 2003
Location: fasdf
Distribution: Debian / Suse /RHEL
Posts: 1,130

Original Poster
Rep: Reputation: 30
Thanks for the reply,

If I want to restrict user login through all kinds of methods (e.g. ssh, telnet, rsh), not just ssh, can you advise what I can do? Thx
 
05-26-2011, 12:23 PM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1976
Ahh, then you want to actually do the job properly!! The PermitRootLogin option is the usual favourite, but I recommend using /etc/security/access.conf instead to control things as a generic layer through PAM, as this can match against any PAM service name (amongst other things).
 
05-27-2011, 02:39 AM   #5
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,412

Rep: Reputation: 2397
Can I also add that using a non-encrypted form of cxn like telnet or rsh is a really bad idea, not just for the root user.
However, good advice from acid_kewpie if you really have to use them.
 
05-27-2011, 02:46 AM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1976
Quote:
Originally Posted by chrism01
Can I also add that using a non-encrypted form of cxn like telnet or rsh is a really bad idea, not just for the root user.
However, good advice from acid_kewpie if you really have to use them.
Well, my perspective would be that using access.conf provides an additional safety net *in case* these services are somehow running, going from something like a default permit for multiple services to a default deny. Similar to having a default drop policy in iptables even when you're happy to permit access to every port that you know is already open, and that there is nothing else listening. You'd still expect connections on port 23 to not be allowed anywhere near userland.

Last edited by acid_kewpie; 05-27-2011 at 02:48 AM.
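
An added example, not part of any post in this thread: /etc/security/access.conf is only consulted by services whose PAM stack loads pam_access.so, so this shell script checks a constructed sample tree for the sshd setting, a deny rule for root, and PAM services that would never read that rule. The sample file contents, the list of service files and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Every file written here is a constructed sample, not a real host's config.

build_sample() {  # create the sample tree in a temp dir and print its path
    d=$(mktemp -d) && mkdir -p "$d/ssh" "$d/security" "$d/pam.d"
    printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' > "$d/ssh/sshd_config"
    printf '%s\n' '# permission : users : origins' \
        '- : root : ALL EXCEPT LOCAL' > "$d/security/access.conf"
    printf '%s\n' 'account required pam_access.so' 'account required pam_unix.so' \
        | tee "$d/pam.d/sshd" > "$d/pam.d/login"
    printf '%s\n' '#account required pam_access.so' 'account required pam_unix.so' \
        | tee "$d/pam.d/remote" > "$d/pam.d/rsh"
    echo "$d"
}

# First uncommented PermitRootLogin in the global section (sshd keeps the first
# value it reads; Match blocks are not evaluated here).
effective_permit_root_login() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1"
}

# True if the service's own PAM file has an active account line for pam_access.so.
# Simplification: "include"/"substack" targets are not followed.
pam_enforces_access() {
    grep -Eq '^[[:space:]]*account[[:space:]].*pam_access\.so' "$1"
}

# Names of PAM services in directory $1 where access.conf would be ignored.
unprotected_services() {
    for f in "$1"/*; do
        pam_enforces_access "$f" || basename "$f"
    done | paste -s -d ' ' -
}

# True if access.conf has a deny ("-") rule listing root by name.
# Simplification: ALL, groups and EXCEPT in the users field are not interpreted.
root_denied() {
    awk -F: '{ p = $1; gsub(/[ \t]/, "", p); n = split($2, u, " ")
               for (i = 1; i <= n; i++) if (p == "-" && u[i] == "root") found = 1 }
             END { exit !found }' "$1"
}

SAMPLE=$(build_sample)
echo "PermitRootLogin (sshd only): $(effective_permit_root_login "$SAMPLE/ssh/sshd_config")"
root_denied "$SAMPLE/security/access.conf" && echo "access.conf: deny rule for root present"
echo "PAM services that never consult access.conf: $(unprotected_services "$SAMPLE/pam.d")"
rm -rf "$SAMPLE"
```

On a real host, point the functions at /etc/ssh/sshd_config, /etc/security/access.conf and /etc/pam.d instead of the sample tree.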
 
  

