Solved

let root login using ssh-keys and disable all other users onlinux

Posted on 2010-09-01
6
428 Views
Last Modified: 2012-05-10
Is it possible?

Thanks.
0
Comment
Question by:sminfo
6 Comments
 
LVL 29

Accepted Solution

by:
fosiul01 earned 250 total points
ID: 33577732
yes that possible

you just need to add   /sbin/nologin word with each users in /etc/passwd file .  ( there is a command which you can use instead of editing /etc/passwd file)

example :

nobody:x:99:99:Nobody:/:/sbin/nologin


and in sshd_config file

insert this line

PermitRootLogin without-password


then reboot the sshd daemon

it will allow root to use key only and

by editing /etc/passwd file ( sbin/nologin) it will prevent to user to login to the server.


0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 250 total points
ID: 33577870
You could also add to sshd_config
AllowUsers root
PermitRootLogin without-password

and disable all remote access like telnet, rsh and the like.
Remains only the phyical system console - is this a concern for you?

 
0
 
LVL 3

Expert Comment

by:simoesp
ID: 33578201
you can  always block an account by doing

passwd -l

then generate an ssh key to login without password

0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 
LVL 3

Expert Comment

by:fernandomerces
ID: 33583469
I don't know the /sbin/nologin program. I use /bin/false instead.

BUT I really recommends that you use a normal account to login via SSH and then elevate your privileges to root (su/sudo). Believe, you don't need root logged all time and you'll increase security.

Regards,

Fernando
0
 
LVL 12

Expert Comment

by:mccracky
ID: 33632679
I would concur with fernandomerces AND woolmilkporc.

Use the sshd_config with allowusers and don't log in directly as root.
0
 

Author Closing Comment

by:sminfo
ID: 33796700
The answers are fine and solved my question.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Using 'screen' for session sharing, The Simple Edition Step 1: user starts session with command: screen Step 2: other user (logged in with same user account) connects with command: screen -x Done. Both users are connected to the same CLI sessio…
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question