Solved

Remote root access using putty

Posted on 2004-08-26
6
770 Views
Last Modified: 2013-12-27
We are trying to minimise the ability of users logging on directly as root. By forcing them to log on as their own accounts and then su'ing to root, we can audit who has done what better.
/etc/default/login has CONSOLE=/dev/console which stops people logging is as root remotely when they use telnet.
However, now we are moving towarss SSH, I tried using PuTTY and found out that you CAN log in as root remotely with this product!

Does anyone know why this is allowed and how it can be stopped?

Thanks

Chris
0
Comment
Question by:cjshepherd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 34

Expert Comment

by:PsiCop
ID: 11904145
Yes. I *assume*, since you don't say, that you are using OpenSSH.

In the sshd_config file, there is a specific entry for allowing/disallowing root login via SSH. I'll have to find it and I'll post it here.

If you're not using OpenSSH, well, we're Experts, not mindreaders. Tell us what you ARE using.
0
 

Author Comment

by:cjshepherd
ID: 11904290
Sorry - yes I am using OpenSSH.

0
 
LVL 34

Expert Comment

by:PsiCop
ID: 11904399
What VERSION?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 34

Accepted Solution

by:
PsiCop earned 125 total points
ID: 11904431
The online man page for the the current version OpenSSH sshd_config file can be found at --> http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5&arch=&apropos=0&manpath=OpenBSD+Current

Specifically, you are probably interested in the DenyUsers and PermitRootLogin keywords. Using either one of those you will be able to block login as root using SSH.
0
 

Author Comment

by:cjshepherd
ID: 11905378
got it!  Thanks very much
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 11905927
Don't forget to force the sshd daemon to re-read the config file after you change it. The changes are not effective until after SSH re-reads its config.

# kill -HUP [pid of sshd]

The pid is probably recorded in /var/run/sshd.pid or something similar.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you do backups in the Solaris Operating System, the file system must be inactive. Otherwise, the output may be inconsistent. A file system is inactive when it's unmounted or it's write-locked by the operating system. Although the fssnap utility…
I promised to write further about my project, and here I am.  First, I needed to setup the Primary Server.  You can read how in this article: Setup FreeBSD Server with full HDD encryption (http://www.experts-exchange.com/OS/Unix/BSD/FreeBSD/A_3660-S…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question