Hi;
How do I make it so that it's impossible to SSH into the server directly as root? That is, make it necessary to SSH in as an ordinary user and then su to root?
TIA,
Suzie

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

You can edit sshd_config, find PermitRootLogin yes and replace yes to no. Like this:

PermitRootLogin no

This is disallow root for directly login from ssh.

-DS-


-----Original Message-----
From: Susan Day <suzieprogrammer@gmail.com>
Date: Tue, 5 Jan 2010 09:11:17
To: CentOS mailing list<centos@centos.org>
Subject: [CentOS] Signing In Other than Root

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Susan Day wrote:
> Hi;
> How do I make it so that it's impossible to SSH into the server directly
> as root? That is, make it necessary to SSH in as an ordinary user and
> then su to root?
> TIA,
> Suzie

# vim /etc/ssh/sshd_config

Uncomment the following line:

#PermitRootLogin yes
PermitRootLogin no

# service sshd restart

Regards,
Max
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

On Tue, January 5, 2010 8:11 am, Susan Day wrote:
> Hi;
> How do I make it so that it's impossible to SSH into the server directly
> as
> root? That is, make it necessary to SSH in as an ordinary user and then su
> to root?
> TIA,
> Suzie
> _______________________________________________
You can add all users to a group, lets say remote_group, and then in
sshd.conf specify that only users from that group are allowed to login via
ssh.

Bo Lynch



_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Hi,

> How do I make it so that it's impossible to SSH into the server directly
> as root?

man ssh_config ->

PermitRootLogin
Specifies whether root can login using ssh(1). The argument
must be "yes", "without-password", "forced-commands-only" or
"no". The default is "yes".

If this option is set to "without-password" password authentica-
tion is disabled for root. Note that other authentication meth-
ods (e.g., keyboard-interactive/PAM) may still allow root to
login using a password.

If this option is set to "forced-commands-only" root login with
public key authentication will be allowed, but only if the
command option has been specified (which may be useful for tak-
ing remote backups even if root login is normally not allowed).
All other authentication methods are disabled for root.

If this option is set to "no" root is not allowed to login.


You have to restart the SSH server (service sshd restart) after modifying
the file /etc/ssh/sshd_config.


Chris
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

From: Susan Day <suzieprogrammer@gmail.com>
>How do I make it so that it's impossible to SSH into the server directly as root? That is, make it necessary to SSH in as an ordinary user and then su to root?

Google says:

/etc/ssh/sshd_config:
PermitRootLogin no

JD



_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

On Tue, Jan 5, 2010 at 9:16 AM, Max Hetrick <maxhetrick@verizon.net> wrote:

Susan Day wrote:

> Hi;

> How do I make it so that it's impossible to SSH into the server directly

> as root? That is, make it necessary to SSH in as an ordinary user and

> then su to root?

> TIA,

> Suzie



# vim /etc/ssh/sshd_config



Uncomment the following line:



#PermitRootLogin yes

PermitRootLogin no



# service sshd restart

Thanks!
Suzie

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos