Quote:
Which is bad.
Quote:
Yes su root is better than ssh root because you aren't connecting remote as root. However sudo root is even better than su root... nomb |
How am I connecting remote if I am connecting via SSH to another name on the same server? Nothing goes out through PuTTY, it's all happening within the server. Not even going out on the host's LAN. Using su requires entering a password which gets transmitted via PuTTY.
Edit: I found sudo. Need to be root to see it. So I will add 'me' to the /root/sudoers.txt? The existing entries look like this, which confuses me. Name1 and name2 are host's techs.
root ALL=(ALL) ALL
name1 ALL = PASSWD: ALL
name1 ALL = NOPASSWD: ADMIN
name2 ALL = NOPASSWD: ADMIN
name2 ALL = PASSWD: ALL
admin ALL = NOPASSWD: ADMIN
Would I add me ALL = NOPASSWD: ROOT |
You may be working locally, but unless your /etc/ssh/sshd_config file contains "PermitRootLogin no" (my version defaults to yes unless you specifically set it to no) then someone can remotely try to access the root account by guessing the password.
To set up sudo I use the visudo command. I don't recommend using the keywords ALL and NOPASSWD together since they provide full root access if someone guesses that account's password. |
Where do I get visudo?
Code:
[root@www sbin]# rpm -ql sudo |
If sudo is installed it should already be there as well. But visudo needs to be run with root privileges. Which also means it should be in one of the sbins.
nomb |
Do you suppose there is some good reason why our host has not installed sudo? I could ask them but I'm trying to avoid entering new ticket.
|
Add PermitRootLogin no to your ssh_config file. If I remember correctly there was a keyword for this setting that allowed access via a key file, but denied password access to root. I think the keyword is without-password. |
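The two settings raised in the posts above (PermitRootLogin in sshd_config, and ALL combined with NOPASSWD in sudoers) can be checked with a short script. This is an added example, not part of the original thread; the sample file contents and the function names are constructed, and Match blocks and included files are not handled.

```python
import re

# Constructed sample inputs (not taken from the server in this thread).
SSHD_SAMPLE = """\
# constructed sshd_config
Port 22
#PermitRootLogin no
PermitRootLogin without-password
PermitRootLogin yes
"""
SUDOERS_SAMPLE = """\
# constructed sudoers
Cmnd_Alias ADMIN = /sbin/service, /usr/bin/tail
root  ALL=(ALL) ALL
name1 ALL = NOPASSWD: ADMIN
me    ALL = NOPASSWD: ALL
"""

def permit_root_login(text):
    """Return the effective PermitRootLogin value, or None if it is unset.
    sshd keeps the first value it reads for a keyword, so later lines lose."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].replace("=", " ").split()
        if len(parts) >= 2 and parts[0].lower() == "permitrootlogin":
            value = parts[1].lower()
            # without-password is the older spelling of prohibit-password
            return "prohibit-password" if value == "without-password" else value
    return None

def root_password_login_possible(text):
    """True if root may log in over SSH with a password. An unset keyword is
    reported as risky because the default depends on the OpenSSH version."""
    return permit_root_login(text) in (None, "yes")

def nopasswd_all(text):
    """Return users/groups whose sudoers entry grants NOPASSWD: ALL directly."""
    hits = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"(\S+)\s+\S+\s*=.*\bNOPASSWD:\s*ALL\b", line)
        if m:
            hits.append(m.group(1))
    return hits
```

Entries that grant NOPASSWD only for a command alias, like the ADMIN lines quoted earlier in the thread, are not flagged; what they allow depends on how that alias is defined.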
I don't dare do that - danger of blocking my host's techies. But I'm sure it is good advice.
|
Quote:
None that I can think of other than they are trying to restrict who has root access. However, that is REALLY self-defeating as without sudo, someone is more likely to hand out the root password. Sudo was designed to prevent exactly that. I'd ask for it to be installed. It just seems very wrong that it wasn't by default. |
I hate to annoy our host. They give us a very special low monthly fee for our dedicated server, because the host's owner hates malware and because we are all volunteers and the forum has no income other than donations.
I'm marking this SOLVED because it's getting so long. In the future I will try to keep my threads more focused. |