let root login using ssh-keys and disable all other users onlinux

Is it possible?

Thanks.
sminfoAsked:
Who is Participating?
 
fosiul01Connect With a Mentor Commented:
yes that possible

you just need to add   /sbin/nologin word with each users in /etc/passwd file .  ( there is a command which you can use instead of editing /etc/passwd file)

example :

nobody:x:99:99:Nobody:/:/sbin/nologin


and in sshd_config file

insert this line

PermitRootLogin without-password


then reboot the sshd daemon

it will allow root to use key only and

by editing /etc/passwd file ( sbin/nologin) it will prevent to user to login to the server.


0
 
woolmilkporcConnect With a Mentor Commented:
You could also add to sshd_config
AllowUsers root
PermitRootLogin without-password

and disable all remote access like telnet, rsh and the like.
Remains only the phyical system console - is this a concern for you?

 
0
 
simoespCommented:
you can  always block an account by doing

passwd -l

then generate an ssh key to login without password

0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
fernandomercesCommented:
I don't know the /sbin/nologin program. I use /bin/false instead.

BUT I really recommends that you use a normal account to login via SSH and then elevate your privileges to root (su/sudo). Believe, you don't need root logged all time and you'll increase security.

Regards,

Fernando
0
 
mccrackyCommented:
I would concur with fernandomerces AND woolmilkporc.

Use the sshd_config with allowusers and don't log in directly as root.
0
 
sminfoAuthor Commented:
The answers are fine and solved my question.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.