LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 07-26-2012, 07:43 AM   #1
walidch
LQ Newbie
 
Registered: Mar 2009
Posts: 8

Rep: Reputation: 0
forcing root login using keys instead of password


Hi guys,

I want to force SSH to limit root login to keys and disable password, while keep the other users' login through passwords.

Could you please recommend a way to do that?

Thanks
 
Old 07-26-2012, 10:27 AM   #2
earthnet
Member
 
Registered: Jul 2012
Distribution: OpenSUSE
Posts: 36

Rep: Reputation: Disabled
In your /etc/ssh/sshd_config file make sure that PublicKeyAuthentication is "yes" and PasswordAuthentication and UsePAM are set to "no". There might be another directive or two that I'm not remembering off the top of my head. Try it and if it let's you in without a key, then there is another directive to disable.
 
Old 07-26-2012, 10:31 AM   #3
earthnet
Member
 
Registered: Jul 2012
Distribution: OpenSUSE
Posts: 36

Rep: Reputation: Disabled
Ignore that last post. I obviously didn't read the question very carefully.

There might be a way to do what you're asking but I think a better solution would be to disable root login and give sudo access to specific users who need admin access.
 
Old 07-26-2012, 10:42 AM   #4
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Ubuntu 12.04, Antix19.3
Posts: 3,794

Rep: Reputation: 282Reputation: 282Reputation: 282
I consider remote root login a risk (with or without keys). Rather create a user that knows the root password, let him/her login with his/her credentials and use 'su -' to gain root privileges.
 
Old 07-27-2012, 05:34 AM   #5
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 15.2
Posts: 1,339

Rep: Reputation: 260Reputation: 260Reputation: 260
Quote:
Originally Posted by earthnet View Post
In your /etc/ssh/sshd_config file make sure that PublicKeyAuthentication is "yes" and PasswordAuthentication and UsePAM are set to "no". There might be another directive or two that I'm not remembering off the top of my head. Try it and if it let's you in without a key, then there is another directive to disable.
There is the option in /etc/ssh/sshd_config:
Code:
PermitRootLogin without-password
Contrary to the first impression you get from this option, it will limit root logins to be done by public keys only. In addition it could be limited to be allowed only from certain machines with an AllowUsers option in addition therein.
 
Old 07-27-2012, 06:21 AM   #6
walidch
LQ Newbie
 
Registered: Mar 2009
Posts: 8

Original Poster
Rep: Reputation: 0
Thank you guys, great help!!
 
  


Reply

Tags
keys, passwordless, root login, ssh


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Distributing SSH host keys for password-less login kenneho Linux - Security 6 09-16-2008 06:52 AM
Password Recovery in Edubuntu 7.04 - In Terminal, Root Login : su , password : ????? farhannaeem13 Linux - Security 3 11-30-2007 09:59 AM
How to set login and password and root password in suse 10.2 sirius57 SUSE / openSUSE 8 07-24-2007 09:51 AM
SSH Login - Forcing keys! jackster Linux - Security 5 01-25-2005 08:09 AM
Forcing password change at first login vsp_123 Linux - Security 6 01-27-2004 11:57 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 02:48 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration