LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-17-2007, 12:30 PM   #1
zhanka
LQ Newbie
 
Registered: Feb 2007
Posts: 4

Rep: Reputation: 0
Lightbulb SSH Problem


Hello Linux Guru's

I have a dedicated server, i am using username Root to access my server true ssh.

as i researched, there is one more account, except root

how can i see how many accounts are in my ssh accessing my server, i want to know all accounts and disable them + want to delete them...


Please, if there is any command to list all accounts. so i leave only root account and disable all other accounts.


waiting...


Regards
Zhanka
 
Old 02-17-2007, 12:55 PM   #2
elsheikhmh
Member
 
Registered: Aug 2004
Location: Cairo, Egypt
Distribution: Slackware
Posts: 101

Rep: Reputation: 15
Checking
http://usalug.org/phpBB2/viewtopic.p...dd9269a61e4e2e
you can edit /etc/ssh/sshd_config and add:
AllowUsers <SomeUserName>
to restrict access only from those users.

Best Regards,
Mustafa Elsheikh
la République du Mustafa Elsheikh
 
Old 02-17-2007, 01:30 PM   #3
zhanka
LQ Newbie
 
Registered: Feb 2007
Posts: 4

Original Poster
Rep: Reputation: 0
thanks,
should i add this line:

AllowUsers root

like this ? if i am correct, please confirm, as i did add this, still when i use username: admin, it asks for password, it means others can login.
 
Old 02-17-2007, 01:51 PM   #4
elsheikhmh
Member
 
Registered: Aug 2004
Location: Cairo, Egypt
Distribution: Slackware
Posts: 101

Rep: Reputation: 15
issue
Code:
service sshd restart
also, even if it asks for password, it doesn't mean they can login.
Code:
cat /etc/passwd
lists all users. some of them can login to Linux in general and others cannot.

also, I found some post here interesting:
Code:
AllowUsers root
AllowGroups root
read it at: HowTo sshd deny all users except for one?

Best Regards,
Mustafa Elsheikh
la République du Mustafa Elsheikh
 
Old 02-17-2007, 02:00 PM   #5
Freemor
Member
 
Registered: Aug 2005
Location: New Brunswick
Distribution: Trisquel
Posts: 70
Blog Entries: 8

Rep: Reputation: 15
Allowing root to log into ssh is not the best idea from a security standpoint. It would be better to log in as a regular user and set it up so that user has appropriate sudo privledges to do what is needed. That way you can limit what can be done remotely to the few things that are likely to need to be done.

Also many brute force ssh attacks are looking for root accounts. So not allowing root at all raises the bar a bit as they then need to figure out what user to try to gain access as. (of course stay away from names like admin, guest, sysop, etc).

it is a bit more work (not that much really), but gives you much finer contorl over what the user can and can not do. Also sudo can be set up to log all sudo'd commands which can also help security wise.

hope this helps
Freemor

Last edited by Freemor; 02-17-2007 at 02:01 PM.
 
Old 02-17-2007, 02:13 PM   #6
zhanka
LQ Newbie
 
Registered: Feb 2007
Posts: 4

Original Poster
Rep: Reputation: 0
Thanks,

AllowUsers root
AllowGroups root

worked, i added this and restarted my dedicated server, now i can login with root only, not with my other accounts.

THANKS ONCE AGAIN DUDE
 
Old 02-17-2007, 02:15 PM   #7
zhanka
LQ Newbie
 
Registered: Feb 2007
Posts: 4

Original Poster
Rep: Reputation: 0
Good idea Freemor!
Cleaver!

thanks dude, will give a try!
 
Old 02-24-2007, 07:01 AM   #8
ljs662_removed
Member
 
Registered: Nov 2006
Posts: 51

Rep: Reputation: 15
-->

Hey,
From a security point of view, not allowing root is a great idea.
I also run a dedicated ssh server just for a personal use shell when im out and about.
Within a week of setting it up I checked /var/log/auth.log and had over ten thousand Illegal login attempts, from plenty of different addresses. I found an easy fix, in the sshd or ssh config file there is an option to change the default port that openssh runs on.
I changed it to 23, and now 99% of the login attempts are from a telnet client :-P
But for some reason they only try once instead of a thousand times, which is nice, just enough info to get their IP and do some friendly research. hehe

Anyway to see whos been sniffing around ur SSH,
try looking at /var/log/auth.log
I think you will be surprised =)
Good Luck!
Luke
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh-agent, ssh-add and ssh-keygen AND CVS raylpc Linux - General 2 11-19-2008 03:50 AM
SSH problem - ssh-add not respond FerkoPica Linux - Security 6 05-07-2006 04:47 PM
Passwordless SSH with SSH commercial server and open ssh cereal83 Linux - General 7 04-18-2006 01:34 PM
ssh problem after creating an ssh alias. porotothorpe Linux - General 2 01-25-2006 08:56 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:07 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration