Solved

Remote root access using putty

Posted on 2004-08-26
6
759 Views
Last Modified: 2013-12-27
We are trying to minimise the ability of users logging on directly as root. By forcing them to log on as their own accounts and then su'ing to root, we can audit who has done what better.
/etc/default/login has CONSOLE=/dev/console which stops people logging is as root remotely when they use telnet.
However, now we are moving towarss SSH, I tried using PuTTY and found out that you CAN log in as root remotely with this product!

Does anyone know why this is allowed and how it can be stopped?

Thanks

Chris
0
Comment
Question by:cjshepherd
  • 4
  • 2
6 Comments
 
LVL 34

Expert Comment

by:PsiCop
ID: 11904145
Yes. I *assume*, since you don't say, that you are using OpenSSH.

In the sshd_config file, there is a specific entry for allowing/disallowing root login via SSH. I'll have to find it and I'll post it here.

If you're not using OpenSSH, well, we're Experts, not mindreaders. Tell us what you ARE using.
0
 

Author Comment

by:cjshepherd
ID: 11904290
Sorry - yes I am using OpenSSH.

0
 
LVL 34

Expert Comment

by:PsiCop
ID: 11904399
What VERSION?
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 34

Accepted Solution

by:
PsiCop earned 125 total points
ID: 11904431
The online man page for the the current version OpenSSH sshd_config file can be found at --> http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5&arch=&apropos=0&manpath=OpenBSD+Current

Specifically, you are probably interested in the DenyUsers and PermitRootLogin keywords. Using either one of those you will be able to block login as root using SSH.
0
 

Author Comment

by:cjshepherd
ID: 11905378
got it!  Thanks very much
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 11905927
Don't forget to force the sshd daemon to re-read the config file after you change it. The changes are not effective until after SSH re-reads its config.

# kill -HUP [pid of sshd]

The pid is probably recorded in /var/run/sshd.pid or something similar.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Attention: This article will no longer be maintained. If you have any questions, please feel free to mail me. jgh@FreeBSD.org Please see http://www.freebsd.org/doc/en_US.ISO8859-1/articles/freebsd-update-server/ for the updated article. It is avail…
Let's say you need to move the data of a file system from one partition to another. This generally involves dismounting the file system, backing it up to tapes, and restoring it to a new partition. You may also copy the file system from one place to…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now