Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
02-17-2007, 12:30 PM
|
#1
|
LQ Newbie
Registered: Feb 2007
Posts: 4
Rep:
|
SSH Problem
Hello Linux Guru's
I have a dedicated server, i am using username Root to access my server true ssh.
as i researched, there is one more account, except root
how can i see how many accounts are in my ssh accessing my server, i want to know all accounts and disable them + want to delete them...
Please, if there is any command to list all accounts. so i leave only root account and disable all other accounts.
waiting...
Regards
Zhanka
|
|
|
02-17-2007, 01:30 PM
|
#3
|
LQ Newbie
Registered: Feb 2007
Posts: 4
Original Poster
Rep:
|
thanks,
should i add this line:
AllowUsers root
like this ? if i am correct, please confirm, as i did add this, still when i use username: admin, it asks for password, it means others can login.
|
|
|
02-17-2007, 01:51 PM
|
#4
|
Member
Registered: Aug 2004
Location: Cairo, Egypt
Distribution: Slackware
Posts: 101
Rep:
|
issue
Code:
service sshd restart
also, even if it asks for password, it doesn't mean they can login.
lists all users. some of them can login to Linux in general and others cannot.
also, I found some post here interesting:
Code:
AllowUsers root
AllowGroups root
read it at: HowTo sshd deny all users except for one?
Best Regards,
Mustafa Elsheikh
la République du Mustafa Elsheikh
|
|
|
02-17-2007, 02:00 PM
|
#5
|
Member
Registered: Aug 2005
Location: New Brunswick
Distribution: Trisquel
Posts: 70
Rep:
|
Allowing root to log into ssh is not the best idea from a security standpoint. It would be better to log in as a regular user and set it up so that user has appropriate sudo privledges to do what is needed. That way you can limit what can be done remotely to the few things that are likely to need to be done.
Also many brute force ssh attacks are looking for root accounts. So not allowing root at all raises the bar a bit as they then need to figure out what user to try to gain access as. (of course stay away from names like admin, guest, sysop, etc).
it is a bit more work (not that much really), but gives you much finer contorl over what the user can and can not do. Also sudo can be set up to log all sudo'd commands which can also help security wise.
hope this helps
Freemor
Last edited by Freemor; 02-17-2007 at 02:01 PM.
|
|
|
02-17-2007, 02:13 PM
|
#6
|
LQ Newbie
Registered: Feb 2007
Posts: 4
Original Poster
Rep:
|
Thanks,
AllowUsers root
AllowGroups root
worked, i added this and restarted my dedicated server, now i can login with root only, not with my other accounts.
THANKS ONCE AGAIN DUDE
|
|
|
02-17-2007, 02:15 PM
|
#7
|
LQ Newbie
Registered: Feb 2007
Posts: 4
Original Poster
Rep:
|
Good idea Freemor!
Cleaver!
thanks dude, will give a try!
|
|
|
02-24-2007, 07:01 AM
|
#8
|
Member
Registered: Nov 2006
Posts: 51
Rep:
|
-->
Hey,
From a security point of view, not allowing root is a great idea.
I also run a dedicated ssh server just for a personal use shell when im out and about.
Within a week of setting it up I checked /var/log/auth.log and had over ten thousand Illegal login attempts, from plenty of different addresses. I found an easy fix, in the sshd or ssh config file there is an option to change the default port that openssh runs on.
I changed it to 23, and now 99% of the login attempts are from a telnet client :-P
But for some reason they only try once instead of a thousand times, which is nice, just enough info to get their IP and do some friendly research. hehe
Anyway to see whos been sniffing around ur SSH,
try looking at /var/log/auth.log
I think you will be surprised =)
Good Luck!
Luke
|
|
|
All times are GMT -5. The time now is 02:07 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|