LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-28-2008, 01:28 PM   #1
bskrakes
Member
 
Registered: Sep 2006
Location: Canada, Alberta
Distribution: RHEL 4 and up, CentOS 5.x, Fedora Core 5 and up, Ubuntu 8 and up
Posts: 251

Rep: Reputation: 32
Exclamation Disable remote root access but allow local root access-- possible?


Hi there!

So I know how to disable remote root access but am I able to allow local root access (anything on the private internal network)? This way when I am on site at the server I don't have to "su - root" all the time.

Thanks!
 
Old 02-28-2008, 03:36 PM   #2
Deleriux
Member
 
Registered: Nov 2003
Posts: 89

Rep: Reputation: 17
If your using passwords to login you can do this by going to

/etc/security/access.conf

and putting a line such as:-

+ : root : 192.168.1.0/24 (<-- replace with local network here)
- : root : ALL

Then going to sshd and putting the "UsePAM" option to Yes. And set "PasswordAuthentication no".

If your using public keys - well - I dont know a way of doing it then since pam doesnt support pubkey authentication.
 
1 members found this post helpful.
Old 02-29-2008, 09:32 PM   #3
taylor_venable
Member
 
Registered: Jun 2005
Location: Indiana, USA
Distribution: OpenBSD, Ubuntu
Posts: 892

Rep: Reputation: 43
Quote:
Originally Posted by bskrakes View Post
This way when I am on site at the server I don't have to "su - root" all the time.
I'd recommend using sudo instead, because it (1) leaves an audit trail; (2) doesn't require the root password to use; (3) allows finer-grained control.

But if you want to stop root login over SSH set PermitRootLogin to "no" in your configuration.
 
Old 03-03-2008, 12:15 PM   #4
bskrakes
Member
 
Registered: Sep 2006
Location: Canada, Alberta
Distribution: RHEL 4 and up, CentOS 5.x, Fedora Core 5 and up, Ubuntu 8 and up
Posts: 251

Original Poster
Rep: Reputation: 32
I already have remote root login disabled.

I just need to configure root login for local access only.... It doesn't look like there is any real easy way to set that. I know in some programs you can control this by IP address (grant/deny ip address or by range).
 
Old 02-21-2019, 04:02 PM   #5
BurnieS
LQ Newbie
 
Registered: Dec 2018
Posts: 18

Rep: Reputation: Disabled
So, first execute in a terminal

sudo passwd root

you will be prompted for a new Unix password. Write it twice (second for confirmation).

Then execute

sudo passwd -u root

to unlock the account. This should return

passwd: password expiry information changed


One more step finding the config file with (root_login y or n) they keep moving it around ?hiding it?
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Disable root access... firehydra2k Linux - Newbie 5 03-27-2007 01:19 AM
How to disable root console and remote access. UltraSoul Solaris / OpenSolaris 1 02-09-2007 04:05 AM
Remote Root Access??? dsschanze Linux - Software 2 09-25-2004 06:04 PM
local root can access nis users??¿?¿ pao Linux - Security 1 07-29-2004 01:06 AM
no access for root on X-server (local) Li... Debian 11 02-16-2004 06:01 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:43 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration