LinuxQuestions.org
Old 06-20-2007, 11:02 AM   #1
guy_ripper
Member
 
Registered: Oct 2006
Posts: 80

Rep: Reputation: 15
restricting ssh


Hi,

Does anyone here know how to restrict access on ssh? I want to deepen the security on ssh in such a way that only root can do ssh.

Thanks in advance
 
Old 06-20-2007, 11:18 AM   #2
bbonifield
LQ Newbie
 
Registered: Jun 2007
Posts: 13

Rep: Reputation: 0
Modify /etc/ssh/sshd_config

Add/modify AllowUsers option.

Something like.

"AllowUsers root"

Although it is good practice to have it so that only a secondary user can ssh in. As in only "admin" can ssh in, and then you have to su into root. It makes it so that if an ssh bot gets it, it still doesn't have root control of your system.
 
Old 06-20-2007, 11:20 AM   #3
bsdunix
Senior Member
 
Registered: May 2006
Distribution: BeOS, BSD, Caldera, CTOS, Debian, LFS, Mac, Mandrake, Red Hat, Slackware, Solaris, SuSE
Posts: 1,761

Rep: Reputation: 80
I added these to my /etc/ssh/sshd_config file, tried to connect SSH to localhost as normal user and was denied, but root was allowed. For explanation see man sshd_config.
Code:
# "ALL" is not a wildcard in sshd_config patterns (those use * and ?); this matches only a user named ALL
DenyUsers ALL
# Only root may log in; every other user is refused
AllowUsers root
Restart sshd.
Code:
# kill -HUP `cat /var/run/sshd.pid`
It's a best practice to connect via SSH as a normal user, then after connecting to the remote host either su to root or use sudo.

p.s. I see bbonifield already replied, I was too slooowwww.
 
Old 06-20-2007, 12:37 PM   #4
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
Direct root access is a bad idea. The account always exists. SSH as a non-privileged user and su or sudo.
 
Old 06-20-2007, 12:59 PM   #5
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by guy_ripper
I want to deepen the security on ssh in such a way that only root can do ssh.
Interestingly, your approach for "deepen[ing] security" is going to have exactly the opposite effect.

If you insist on going forward with this, you're going to want to enable pubkey authentication and turn all other forms of authentication off. That will at least offer some protection from brute force attacks against the one account that obviously exists on the system: root.
 
Old 06-20-2007, 09:20 PM   #6
guy_ripper
Member
 
Registered: Oct 2006
Posts: 80

Original Poster
Rep: Reputation: 15
Thanks to you all... I appreciate your help...

Now I know, and will follow what you have advised: not to use root when logging in over ssh.
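
The advice in this thread (no direct root login, an AllowUsers list, pubkey instead of passwords) can be checked mechanically; the following is an added example, not code posted by anyone in the thread. It audits sshd_config text using sshd's rule that DenyUsers is evaluated before AllowUsers. Assumptions: only the global section is read (Match, Include, AllowGroups/DenyGroups and negated patterns are ignored), and both sample configs are constructed, with "admin" taken from post #2.

```python
import re

MULTI = {"allowusers", "denyusers"}  # keywords whose values accumulate

def parse(text):
    """Map lower-cased keyword -> list of values, global section only."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1] if len(parts) > 1 else ""
        if key == "match":  # conditional blocks are out of scope here
            break
        vals = value.split() if key in MULTI else [value.strip()]
        opts.setdefault(key, []).extend(vals)
    return opts

def _match(user, patterns):
    # sshd patterns: '*' and '?' wildcards; USER@HOST entries match on USER here
    for p in patterns:
        rx = re.escape(p.split("@")[0]).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(rx, user):
            return True
    return False

def user_allowed(opts, user):
    """DenyUsers is evaluated before AllowUsers, as sshd does."""
    if _match(user, opts.get("denyusers", [])):
        return False
    allow = opts.get("allowusers", [])
    return not allow or _match(user, allow)

def audit(text):
    opts = parse(text)
    first = lambda k: opts.get(k, ["unset"])[0].lower()  # first value wins
    findings = []
    if user_allowed(opts, "root") and first("permitrootlogin") != "no":
        findings.append("root may log in directly")
    if first("passwordauthentication") != "no":
        findings.append("password authentication is not disabled")
    if "ALL" in opts.get("denyusers", []) + opts.get("allowusers", []):
        findings.append('"ALL" is a literal user name, not a wildcard')
    return findings

# Constructed sample inputs: the config from post #3 and the layout the replies recommend
THREAD_CONFIG = "DenyUsers ALL\nAllowUsers root\n"
SUGGESTED = "PermitRootLogin no\nAllowUsers admin\nPasswordAuthentication no\n"
```

On a live host, `sshd -T` prints the effective configuration, which also reflects Match blocks and compiled-in defaults that this text-only check does not see.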
 
  

