Solved

let root login using ssh-keys and disable all other users onlinux

Posted on 2010-09-01
6
429 Views
Last Modified: 2012-05-10
Is it possible?

Thanks.
0
Comment
Question by:sminfo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 29

Accepted Solution

by:
fosiul01 earned 250 total points
ID: 33577732
yes that possible

you just need to add   /sbin/nologin word with each users in /etc/passwd file .  ( there is a command which you can use instead of editing /etc/passwd file)

example :

nobody:x:99:99:Nobody:/:/sbin/nologin


and in sshd_config file

insert this line

PermitRootLogin without-password


then reboot the sshd daemon

it will allow root to use key only and

by editing /etc/passwd file ( sbin/nologin) it will prevent to user to login to the server.


0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 250 total points
ID: 33577870
You could also add to sshd_config
AllowUsers root
PermitRootLogin without-password

and disable all remote access like telnet, rsh and the like.
Remains only the phyical system console - is this a concern for you?

 
0
 
LVL 3

Expert Comment

by:simoesp
ID: 33578201
you can  always block an account by doing

passwd -l

then generate an ssh key to login without password

0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Expert Comment

by:fernandomerces
ID: 33583469
I don't know the /sbin/nologin program. I use /bin/false instead.

BUT I really recommends that you use a normal account to login via SSH and then elevate your privileges to root (su/sudo). Believe, you don't need root logged all time and you'll increase security.

Regards,

Fernando
0
 
LVL 12

Expert Comment

by:mccracky
ID: 33632679
I would concur with fernandomerces AND woolmilkporc.

Use the sshd_config with allowusers and don't log in directly as root.
0
 

Author Closing Comment

by:sminfo
ID: 33796700
The answers are fine and solved my question.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Hello to you all, I hear of many people congratulate AWS (Amazon Web Services) on how easy it is to spin up and create new EC2 (Elastic Compute Cloud) instances, but then fail and struggle to connect to them using simple tools such as SSH (Secure…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question