Hi; How do I make it so that it's impossible to SSH into the server directly as root? That is, make it necessary to SSH in as an ordinary user and then su to root? TIA, Suzie -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20100105/9d567d47/attachment-0002.html>
You can edit sshd_config, find PermitRootLogin yes and replace yes to no. Like this: PermitRootLogin no This is disallow root for directly login from ssh. -DS- -----Original Message----- From: Susan Day <suzieprogrammer at gmail.com> Date: Tue, 5 Jan 2010 09:11:17 To: CentOS mailing list<centos at centos.org> Subject: [CentOS] Signing In Other than Root _______________________________________________ CentOS mailing list CentOS at centos.org http://lists.centos.org/mailman/listinfo/centos
Susan Day wrote:> Hi; > How do I make it so that it's impossible to SSH into the server directly > as root? That is, make it necessary to SSH in as an ordinary user and > then su to root? > TIA, > Suzie# vim /etc/ssh/sshd_config Uncomment the following line: #PermitRootLogin yes PermitRootLogin no # service sshd restart Regards, Max
On Tue, January 5, 2010 8:11 am, Susan Day wrote:> Hi; > How do I make it so that it's impossible to SSH into the server directly > as > root? That is, make it necessary to SSH in as an ordinary user and then su > to root? > TIA, > Suzie > _______________________________________________You can add all users to a group, lets say remote_group, and then in sshd.conf specify that only users from that group are allowed to login via ssh. Bo Lynch
Hi,> How do I make it so that it's impossible to SSH into the server directly > as root?man ssh_config -> PermitRootLogin Specifies whether root can login using ssh(1). The argument must be "yes", "without-password", "forced-commands-only" or "no". The default is "yes". If this option is set to "without-password" password authentica- tion is disabled for root. Note that other authentication meth- ods (e.g., keyboard-interactive/PAM) may still allow root to login using a password. If this option is set to "forced-commands-only" root login with public key authentication will be allowed, but only if the command option has been specified (which may be useful for tak- ing remote backups even if root login is normally not allowed). All other authentication methods are disabled for root. If this option is set to "no" root is not allowed to login. You have to restart the SSH server (service sshd restart) after modifying the file /etc/ssh/sshd_config. Chris
From: Susan Day <suzieprogrammer at gmail.com>>How do I make it so that it's impossible to SSH into the server directly as root? That is, make it necessary to SSH in as an ordinary user and then su to root?Google says: /etc/ssh/sshd_config: PermitRootLogin no JD