how can i stop root logging into ssh ? I presume there is a setup file somewhere? thanks
Hi On Mon 16-Jan-2006 at 11:19:39AM +0000, Tom Brown wrote:> how can i stop root logging into ssh ? I presume there is a setup file > somewhere?Add this line to /etc/ssh/sshd_config PermitRootLogin no Chris -- Chris Croome <chris at webarchitects.co.uk> web design http://www.webarchitects.co.uk/ web content management http://mkdoc.com/
On 1/16/06, Tom Brown <tom.brown at goodtechnology.com> wrote:> > how can i stop root logging into ssh ? I presume there is a setup file > somewhere?man sshd_config will give you details of how to configure sshd. -- Cheers, Tony -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20060116/78c66fcc/attachment-0005.html>
On Mon, 16 Jan 2006, Tom Brown wrote:> how can i stop root logging into ssh ? I presume there is a setup file > somewhere? >man sshd_config or set PermitRootLogin no in /etc/ssh/sshd_config ------------------------------------------------------------------------ Jim Wildman, CISSP, RHCE jim at rossberry.com http://www.rossberry.com "Society in every state is a blessing, but Government, even in its best state, is a necessary evil; in its worst state, an intolerable one." Thomas Paine
In your sshd configfile, you can disable root login: ********************************************* /etc/ssh/sshd_config: PermitRootLogin no ********************************************* Hope this helps -- Cheers! Wim De Hul ----------------------------------------- Belgacom International Carrier Services AS6774 ----------------------------------------- Tel: +32 2 547 5151 option 1-3 Mail: noc at belbone.be Peering: peering at belbone.be Abuse: abuse at belbone.be ----------------------------------------- My public key is available at: hkp://subkeys.pgp.net ----------------------------------------- On Mon, Jan 16, 2006 at 11:19:39AM +0000, Tom Brown wrote:> how can i stop root logging into ssh ? I presume there is a setup file > somewhere? > > thanks > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <http://lists.centos.org/pipermail/centos/attachments/20060116/e23fdac0/attachment-0005.sig>
On Jan 16, 2006, at 5:19 AM, Tom Brown wrote:> how can i stop root logging into ssh ? I presume there is a setup > file somewhere? > > thanks >In addition to the suggestion on how to turn off root, you may want to also explicitly allow only certain users. AllowUsers username To even tighten it down even more. You wouldn't believe the number of attempts I get on my DSL line to login.
I am really pissed at myself for doing such a thing but here's what I did. Awhile back, geez, weeks ago now, I put together this amd 64 clawhammer system. I set it up and never adjusted the date to the correct time (year) and after burning it in for bout a week...It was online but I really wasn't doing anything w/it...I would just go to it every now and then just to make sure It was up and that was it. kk...finally I decided to let it "take the ball"(common ip), and let it do all the serving and syncing up the other 2 centos boxes. Oh my, now what a mess w/all the files it's syncing up w/all the wrong dates...I year back...2005 instead of 2006!!! I now have 3 centos boxes in total confusion over this file time problem!!! I feel really ashamed of myself for doing such a thing but I can't be concerned w/that but rather repair all this mess. I am looking for suggestions on how to repair this mess. My mind is telling me that right now, don't let any of the 3 boxes talk to each other until I got it right again and 1 by one re-install from scratch each of the systems but then, there is still all the /home, /root, mail files, that still have to be reckoned with. I don't really think that's the way to go...I am thinking of some kind of script to look at access dates and like say everything that was accessed on say, last Jan...change it to jan 06 I really don't know the best approach here. thx John Rose