LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 11-27-2013, 11:40 PM   #1
raghu88
LQ Newbie
 
Registered: Nov 2013
Posts: 3

Rep: Reputation: Disabled
Smile SSH configuration


Hi,
getting the warning from Root Hunter when I run a check

Warning: The SSH configuration option 'PermitRootLogin' has not been set.
The default value may be 'yes', to allow root access.

any one explain me briefly i'm new to linux and if it is set then what happens? how to set?

Thanks.
 
Old 11-27-2013, 11:45 PM   #2
evo2
LQ Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and CentOS
Posts: 6,037

Rep: Reputation: 1407Reputation: 1407Reputation: 1407Reputation: 1407Reputation: 1407Reputation: 1407Reputation: 1407Reputation: 1407Reputation: 1407Reputation: 1407
Hi,

normally ssh root access should be disabled. If a remote user wants root access they should ssh to the box as a normal user and then su to root. This is a security policy, the reason being that all *nix machines have a root user, so by disabling ssh as root an attacker will need to "guess" both the username and the password.

In short you should probably add the following line to your /etc/ssh/sshd_config
Code:
PermitRootLogin no
HTH,

Evo2.
 
1 members found this post helpful.
Old 11-28-2013, 12:14 AM   #3
raghu88
LQ Newbie
 
Registered: Nov 2013
Posts: 3

Original Poster
Rep: Reputation: Disabled
i want to make sure once,

If PermitRootLogin is set to no then remote user can't login as root user right?
 
Old 11-28-2013, 12:18 AM   #4
evo2
LQ Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and CentOS
Posts: 6,037

Rep: Reputation: 1407Reputation: 1407Reputation: 1407Reputation: 1407Reputation: 1407Reputation: 1407Reputation: 1407Reputation: 1407Reputation: 1407Reputation: 1407
Hi,
Quote:
Originally Posted by raghu88 View Post
i want to make sure once,

If PermitRootLogin is set to no then remote user can't login as root user right?
Correct - if we are only considering ssh.

Cheers,

Evo2.
 
1 members found this post helpful.
Old 11-28-2013, 12:28 AM   #5
haertig
Senior Member
 
Registered: Nov 2004
Distribution: Debian, Ubuntu, LinuxMint, Slackware, SysrescueCD, Raspbian, Arch
Posts: 2,283

Rep: Reputation: 354Reputation: 354Reputation: 354Reputation: 354
Quote:
Originally Posted by raghu88 View Post
i want to make sure once,

If PermitRootLogin is set to no then remote user can't login as root user right?
Just so you are 100% clear, with this setting a remote user cannot directly login as root via ssh. However, they can ssh in as a normal user. Then once logged in this way, they can login to root from the command line (given they know the root password, or have been configured in /etc/sudoers, etc.)

Also, after you put this PermitRootLogin directive in /etc/ssh/sshd_config, you must force the currently running ssh daemon to reload its configuration. On many systems, the following will accomplish that:

Code:
sudo /etc/init.d/ssh reload
"reload" is safer than "restart". If you were ssh'ed into your machine, messed up the sshd_config file by accident, and then issued a "restart" command and ssh failed to restart (because you goobered up its config file), then you could end up locking yourself out.
 
1 members found this post helpful.
Old 11-28-2013, 02:23 AM   #6
kooru
Senior Member
 
Registered: Sep 2012
Posts: 1,385

Rep: Reputation: 274Reputation: 274Reputation: 274
Hi and welcome to LQ!
In addiction, I suggest some reading about ssh configuration that can be useful.

http://www.cyberciti.biz/tips/linux-...practices.html
https://signalboxes.net/misc/hardening-ssh/
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH configuration zulfahmi Linux - Server 6 03-22-2007 11:28 AM
SSH Configuration wildcat22 Linux - Networking 1 09-27-2005 09:47 AM
SSH Configuration xedios Linux - Software 2 10-25-2004 04:02 PM
SSH configuration help dt23 Mandriva 16 04-07-2004 04:29 PM
SSH configuration...someone please help leroy27336 Linux - Networking 28 11-16-2003 02:27 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 09:38 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration