Solved

How do I see man for /etc/ssh/sshd_config file?

Posted on 2016-08-29
4
63 Views
Last Modified: 2016-09-01
I am interested in options to disable remote root access.
I want to know what does these lines mean:

# Authentication:
LoginGraceTime 120
PermitRootLogin without-password
StrictModes yes

Open in new window

System: Debian GNU/Linux 8.5
0
Comment
Question by:Taras Shumylo
4 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 125 total points
ID: 41774563
man sshd_config

If you need further assistance please let us know.
0
 
LVL 11

Assisted Solution

by:andreas
andreas earned 125 total points
ID: 41774568
man sshd_config is working on my distro.

root login only with authentication methods other than password

strictmodes logins only if file permissions on the necessary files are as expected. No others than user should be able to edit.
0
 
LVL 23

Assisted Solution

by:Dr. Klahn
Dr. Klahn earned 125 total points
ID: 41774569
I think you'll find this satisfactory:


# Authentication:
LoginGraceTime 15
PermitRootLogin no
StrictModes yes

Open in new window


Line 1:  Reduces the time allowed to log in to 15 seconds.  Most users should be able to type in their username and password within 15 seconds.  If this is too short, increase it as desired.  The default time of one minute is too long imo; it allows denial of service by a hostile using up limited SSH connections but not logging in.

Line 2:  Disables root logins over SSH entirely.  Anyone wanting to SSH in and use root privileges must su or sudo after logging in unprivileged.

Line 3:  "The option StrictModes specifies whether ssh should check user's permissions in their home directory and rhosts files before accepting login. This option must always be set to yes because sometimes users may accidentally leave their directory or files world-writable."

See also this brief discussion of sshd security options.
0
 
LVL 76

Assisted Solution

by:arnold
arnold earned 125 total points
ID: 41775717
You should have an entry, allowrootlogin or permitrootlogin change it to join, restart ssh and it will deny root login via ssh.
As the prior experts, the setting will allow root to login if/when using dsa/RSA keys in authorized_keys2 containing the public key when ssh-keygen -t (dsa|rsa)
I think depending on your version other ciphers might be available using 1024 bit or larger.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
Secure Shell (SSH) is a network protocol for secure data communication, mainly used to administer remote Unix / Linux servers via command line. But it also allows the user to open a secure tunnel between a client and a server where he can send any k…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now