LinuxQuestions.org


walidch 07-26-2012 07:43 AM

forcing root login using keys instead of password
 
Hi guys,

I want to force SSH to limit root login to keys and disable passwords, while keeping the other users' login through passwords.

Could you please recommend a way to do that?

Thanks :)

earthnet 07-26-2012 10:27 AM

In your /etc/ssh/sshd_config file make sure that PublicKeyAuthentication is "yes" and PasswordAuthentication and UsePAM are set to "no". There might be another directive or two that I'm not remembering off the top of my head. Try it and if it lets you in without a key, then there is another directive to disable.

earthnet 07-26-2012 10:31 AM

Ignore that last post. I obviously didn't read the question very carefully.

There might be a way to do what you're asking but I think a better solution would be to disable root login and give sudo access to specific users who need admin access.

Wim Sturkenboom 07-26-2012 10:42 AM

I consider remote root login a risk (with or without keys). Rather create a user that knows the root password, let him/her log in with his/her credentials and use 'su -' to gain root privileges.

Reuti 07-27-2012 05:34 AM

Quote:

Originally Posted by earthnet (Post 4738645)
In your /etc/ssh/sshd_config file make sure that PublicKeyAuthentication is "yes" and PasswordAuthentication and UsePAM are set to "no". There might be another directive or two that I'm not remembering off the top of my head. Try it and if it lets you in without a key, then there is another directive to disable.

There is the option in /etc/ssh/sshd_config:
Code:

PermitRootLogin without-password

Contrary to the first impression you get from this option, it will limit root logins to be done by public keys only. In addition, it could be limited to be allowed only from certain machines with an AllowUsers option therein.
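
A way to check that a config actually yields the policy described in the post above (added example, not part of any poster's reply; the function names and the sample config are constructed for illustration). It reads only the global section, applies sshd's first-value-wins rule, and flags two things that are easy to miss: an AllowUsers line admits only the users it lists, and Match blocks can override the global setting.

```python
# Added example: audit the global section of an sshd_config for the root-login policy.
# SAMPLE is constructed; 192.0.2.10 and 198.51.100.0/24 are documentation addresses.
SAMPLE = """\
PasswordAuthentication yes
PermitRootLogin without-password
# The next line is ignored: sshd keeps the first value it reads for a keyword.
permitrootlogin yes
AllowUsers root@192.0.2.10 alice
Match Address 198.51.100.0/24
    PermitRootLogin yes
"""

# PermitRootLogin values under which root cannot authenticate with a password.
NO_ROOT_PASSWORD = {"without-password", "prohibit-password", "forced-commands-only", "no"}

def parse_global(text):
    """Return (first-value-wins settings, AllowUsers patterns, Match block seen)."""
    first, allow, has_match = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()                      # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            has_match = True                        # Match overrides are not modelled here
            break
        if key == "allowusers":
            allow.extend(value.split())             # repeated AllowUsers lines accumulate
        else:
            first.setdefault(key, value)
    return first, allow, has_match

def audit_root_login(text):
    first, allow, has_match = parse_global(text)
    mode = first.get("permitrootlogin", "unset").lower()
    return {
        "root_mode": mode,
        "root_password_blocked": mode in NO_ROOT_PASSWORD,
        "others_password_ok": first.get("passwordauthentication", "yes").lower() == "yes",
        "root_sources": [u.split("@", 1)[1] for u in allow if u.startswith("root@")],
        "unlisted_users_denied": bool(allow),       # AllowUsers admits only matching users
        "check_match_with_sshd_T": has_match,
    }

if __name__ == "__main__":
    for name, value in audit_root_login(SAMPLE).items():
        print(f"{name}: {value}")
```

On a live server, `sshd -t` validates the file before a reload, and `sshd -T` with `-C` connection parameters prints the effective settings with Match blocks applied.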

walidch 07-27-2012 06:21 AM

Thank you guys, great help!!


All times are GMT -5.