Let root login using ssh-keys and disable all other users on Linux

Posted on 2010-09-01
Medium Priority
Last Modified: 2012-05-10
Is it possible?

Question by:sminfo

Accepted Solution

fosiul01 earned 1000 total points
ID: 33577732
Yes, that's possible.

You just need to add the word /sbin/nologin to each user in the /etc/passwd file. (There is a command which you can use instead of editing the /etc/passwd file.)

example :


And in the sshd_config file

insert this line

PermitRootLogin without-password

then reboot the sshd daemon.

It will allow root to use a key only, and editing the /etc/passwd file (/sbin/nologin) will prevent the users from logging in to the server.


Assisted Solution

woolmilkporc earned 1000 total points
ID: 33577870
You could also add to sshd_config
AllowUsers root
PermitRootLogin without-password

and disable all remote access like telnet, rsh and the like.
Only the physical system console remains - is this a concern for you?


Expert Comment

ID: 33578201
You can always block an account by doing

passwd -l

then generate an ssh key to log in without a password.



Expert Comment

ID: 33583469
I don't know the /sbin/nologin program. I use /bin/false instead.

BUT I really recommend that you use a normal account to log in via SSH and then elevate your privileges to root (su/sudo). Believe me, you don't need root logged in all the time, and you'll increase security.



Expert Comment

ID: 33632679
I would concur with fernandomerces AND woolmilkporc.

Use the sshd_config with allowusers and don't log in directly as root.

Author Closing Comment

ID: 33796700
The answers are fine and solved my question.
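
A check for the settings discussed in the answers above, as an added example that is not part of the original thread: it reads an sshd_config and a passwd file and reports whether root is limited to keys and whether other accounts are shut out. The function names and the sample files are constructed for illustration, and the check assumes a single AllowUsers line.

```shell
# Effective global value of an sshd_config keyword: sshd keeps the first
# value it reads, keywords are case-insensitive, and lines after "Match"
# are conditional. Include files are not followed here.
sshd_value() {  # $1 = keyword, $2 = config file
    awk -v key="$1" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$2"
}

# Accounts other than root whose shell is not nologin or false.
login_capable_users() {  # $1 = passwd file
    awk -F: '$1 != "root" && NF >= 7 && $7 !~ /\/(nologin|false)$/ { print $1 }' "$1"
}

audit_root_key_only() {  # $1 = sshd_config, $2 = passwd
    rc=0
    prl=$(sshd_value PermitRootLogin "$1")
    allow=$(sshd_value AllowUsers "$1")
    users=$(login_capable_users "$2")
    case "$prl" in
        # prohibit-password is the current OpenSSH name for without-password
        without-password|prohibit-password) echo "ok   root is key-only ($prl)" ;;
        *) echo "FAIL PermitRootLogin is '${prl:-unset}'"; rc=1 ;;
    esac
    if [ "$allow" = "root" ]; then
        echo "ok   AllowUsers admits only root"
    elif [ -z "$users" ]; then
        echo "ok   no other account has a login shell"
    else
        echo "FAIL other accounts can still log in:" $users; rc=1
    fi
    return "$rc"
}

# Constructed sample files (not from the thread); a real run would pass
# /etc/ssh/sshd_config and /etc/passwd instead.
tmp=$(mktemp -d)
cat > "$tmp/sshd_config" <<'EOF'
AllowUsers root
PermitRootLogin without-password
EOF
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/sbin/nologin
bob:x:1001:1001::/home/bob:/bin/bash
EOF
audit_root_key_only "$tmp/sshd_config" "$tmp/passwd"
rm -rf "$tmp"
```

On a live host, `sshd -T` prints the effective configuration as sshd itself computes it, which also covers included files.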
