LinuxQuestions.org
Old 06-29-2005, 10:16 AM   #1
inoxtech
LQ Newbie
 
Registered: Jun 2005
Posts: 3

Rep: Reputation: 0
disable root login via ssh with one exception


Hi there,

I want to disable any root login via ssh except from my admin servers. So I screwed around with AllowUsers and DenyUsers parameters in sshd_config using something like this:

AllowUsers root@host1 root@host2 *@*
DenyUsers root

Unfortunately only the Deny rule seems to take effect. In my opinion these rules are more or less useless without the capability to combine these 2 rules. Don't you think?

Cheers
Holger
 
Old 06-29-2005, 10:28 AM   #2
nukey
Member
 
Registered: Dec 2004
Location: Netherlands
Distribution: Slackware
Posts: 173

Rep: Reputation: 30
In your sshd config file put:

PermitRootLogin no
AllowUsers your_user_name

No need to use the Deny thingie.
This is for the PCs that you don't want root to log in to.

You could also use this for your servers, create a normal account for yourself and allow that account and then su to root to do your stuff.

Last edited by nukey; 06-29-2005 at 10:34 AM.
 
Old 06-30-2005, 07:20 AM   #3
inoxtech
LQ Newbie
 
Registered: Jun 2005
Posts: 3

Original Poster
Rep: Reputation: 0
Hi nukey,

This way, it doesn't really work. When I would set PermitRootLogin to no, I wouldn't be able to log in as root from the admin hosts even if they had rsa-key authentication.

The AllowUsers list must have some sort of wildcard, since I have no idea who needs logins on which machines (we're talking about approx. 150 servers and almost 2000 users).

We're also thinking of some sort of process for login as unprivileged user --> sudo something --> so on, but this solution is thought to be a quick fix...


Thanks for your comment anyway.
 
Old 06-30-2005, 12:28 PM   #4
nukey
Member
 
Registered: Dec 2004
Location: Netherlands
Distribution: Slackware
Posts: 173

Rep: Reputation: 30
Ok, but don't you agree that you don't have to be able to log in as root? If you have access to a specific server with a specific username you could always su to root.

Anyways, I searched Google and found this:

Code:
 '*' and '?' can be used as wildcards
I found it here

Also take a look here
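
Added example, not part of the thread: a simplified Python model of how sshd evaluates the two lists from the first post, assuming the order documented in sshd_config(5) (DenyUsers is checked before AllowUsers) and treating hosts as plain strings. The function names and the sample logins are constructed for illustration.

```python
import re

def _glob(pattern: str, value: str) -> bool:
    """Match using only the '*' and '?' wildcards quoted in the thread."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value) is not None

def _matches(entry: str, user: str, host: str) -> bool:
    """A list entry is either USER or USER@HOST; every part given must match."""
    user_pat, sep, host_pat = entry.partition("@")
    if not _glob(user_pat, user):
        return False
    return _glob(host_pat, host) if sep else True

def login_allowed(user, host, allow_users=(), deny_users=()):
    """Simplified model of the documented order: DenyUsers, then AllowUsers."""
    # A DenyUsers match is final; AllowUsers is never consulted for that login.
    if any(_matches(e, user, host) for e in deny_users):
        return False
    # A non-empty AllowUsers list admits only the logins it matches.
    if allow_users and not any(_matches(e, user, host) for e in allow_users):
        return False
    return True

# The configuration from the first post.
ALLOW = ["root@host1", "root@host2", "*@*"]
DENY = ["root"]

def report():
    """Evaluate constructed logins with and without the DenyUsers line."""
    attempts = [("root", "host1"), ("root", "elsewhere"), ("alice", "elsewhere")]
    return {
        (u, h): (login_allowed(u, h, ALLOW, DENY), login_allowed(u, h, ALLOW))
        for u, h in attempts
    }

if __name__ == "__main__":
    for (user, host), (both, allow_only) in report().items():
        print(f"{user}@{host}: with DenyUsers={both}, AllowUsers only={allow_only}")
```

With DenyUsers present, root is refused even from host1; with it removed, root is accepted from any host because *@* also matches root.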
 
  


All times are GMT -5.