Quote:
Originally Posted by soumalya
Thanks for your reply.
Is this the way to block accessing ssh and telnet?
Blocking ssh root login would be useless if your coworker was clever enough to add himself to the wheel group...this would allow him to log in as a normal user and then su to root.
You can add rules to iptables to drop packets from his machine, or you could disable sshd completely. Telnet shouldn't be used anyhow, so it's best to shut it off, too.
If you require ssh access, you can set up a strict iptables rule set to deny connections from anyone but certain machines...but without changing the root password, you still have to consider the physical security of the machine (if your coworker can access the machine directly, he can log in as root since he knows the password).
My advice would be to a) set up iptables for strict rules, or b) disable sshd/telnet.
And I'd change the root password regardless!
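
The strict rule set and the wheel-group check discussed in the reply above, as an added example that is not part of the original post. It prints the iptables commands for review instead of applying them; the allowed addresses are constructed documentation addresses, the function names are hypothetical, and sshd on tcp/22 and telnet on tcp/23 are assumed.

```shell
#!/bin/sh
# Added example. Addresses are constructed (RFC 5737 documentation range);
# function names are hypothetical. Assumes sshd on tcp/22 and telnet on tcp/23.
ALLOWED_SSH="192.0.2.10 192.0.2.11"

# Succeed only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac   # rejects spaces, ';', newlines
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    old_ifs=$IFS; IFS=.
    for octet in ${1%/*}; do
        [ "$octet" -le 255 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

# Print (not apply) iptables commands: SSH only from the given sources,
# everything else to ports 22 and 23 dropped.
build_ssh_rules() {
    for src in "$@"; do            # validate everything before emitting anything
        valid_ipv4 "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    # Keep established sessions alive so the admin is not cut off mid-change.
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for src in "$@"; do
        echo "iptables -A INPUT -p tcp -s $src --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport 22 -j DROP"
    echo "iptables -A INPUT -p tcp --dport 23 -j DROP"
}

# List supplementary members of wheel (accounts the reply says could su to root).
# Users whose primary group is wheel do not appear in this field.
wheel_members() {
    awk -F: '$1 == "wheel" { print $4 }' "${1:-/etc/group}"
}

# Print the rule set for review.
build_ssh_rules $ALLOWED_SSH
```

The commands append to the INPUT chain, so an earlier rule that already accepts port 22 would still match first; check the existing order with `iptables -L INPUT -n --line-numbers` before applying them.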