Jay-Shahj
asked on
SSH Information, Don't root login??
Hi,
I'm quite new to SSH security, so please forgive me. I've read on the internet (somewhere), that you should never login as 'root', which is what I've been doing on my server for around 4 months, is that wrong? They claim you should make an account with a root 0 UID (eh?) or use su - (what's that point?).
Many Thanks,
Jay
I'm quite new to SSH security, so please forgive me. I've read on the internet (somewhere), that you should never login as 'root', which is what I've been doing on my server for around 4 months, is that wrong? They claim you should make an account with a root 0 UID (eh?) or use su - (what's that point?).
Many Thanks,
Jay
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Of causd
so in /etc/ssh/sshd_config change the setting
#PermitRootLogin yes
into
PermitRootLogin no
---
Logon as a restricted user and use
su -
to change your permissions to the root account.
Tolomir
so in /etc/ssh/sshd_config change the setting
#PermitRootLogin yes
into
PermitRootLogin no
---
Logon as a restricted user and use
su -
to change your permissions to the root account.
Tolomir
wow that was fast....
ASKER
You have no obligation to answer this:
jrs@server [/]# su -
-bash: /bin/su: Permission denied
Help :)
jrs@server [/]# su -
-bash: /bin/su: Permission denied
Help :)
what do you get with "su"
ASKER
jrs@server [~]# su
-bash: /bin/su: Permission denied
Thanks for your help,
Jay
P.S. I did adduser jrs then passwd jrs to make the account.
-bash: /bin/su: Permission denied
Thanks for your help,
Jay
P.S. I did adduser jrs then passwd jrs to make the account.
can you login as root on that machine locally?
ASKER
Locally as in through Putty (yes, I can), servers in the US, I'm in the UK.
Jay
Jay
so there is a password set for root?
I'm asking because "su -" could be rejected if no password for root is set!
does
"su - jrs" work?
"su - jrs" work?
ASKER
There is a nice strong password set for root.
No su - jrs doesn't work
:(
Jay
No su - jrs doesn't work
:(
Jay
Ok try this as root:
chmod 755 /bin/su
chmod 755 /bin/su
It seems like the user jrs didn't have permissions to execute "su". With "chmod 755 /bin/su" you grant all users the permission to execute "/bin/su".
If that is a security problem, set permissions to "chmod 750 /bin/su" and add the user to the group "/bin/su" is assigned to.
If that is a security problem, set permissions to "chmod 750 /bin/su" and add the user to the group "/bin/su" is assigned to.
ASKER
ASKER