• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 114
  • Last Modified:

How do I see man for /etc/ssh/sshd_config file?

I am interested in options to disable remote root access.
I want to know what does these lines mean:

# Authentication:
LoginGraceTime 120
PermitRootLogin without-password
StrictModes yes

Open in new window

System: Debian GNU/Linux 8.5
0
Taras Shumylo
Asked:
Taras Shumylo
4 Solutions
 
woolmilkporcCommented:
man sshd_config

If you need further assistance please let us know.
0
 
andreasSystem AdminCommented:
man sshd_config is working on my distro.

root login only with authentication methods other than password

strictmodes logins only if file permissions on the necessary files are as expected. No others than user should be able to edit.
0
 
Dr. KlahnPrincipal Software EngineerCommented:
I think you'll find this satisfactory:


# Authentication:
LoginGraceTime 15
PermitRootLogin no
StrictModes yes

Open in new window


Line 1:  Reduces the time allowed to log in to 15 seconds.  Most users should be able to type in their username and password within 15 seconds.  If this is too short, increase it as desired.  The default time of one minute is too long imo; it allows denial of service by a hostile using up limited SSH connections but not logging in.

Line 2:  Disables root logins over SSH entirely.  Anyone wanting to SSH in and use root privileges must su or sudo after logging in unprivileged.

Line 3:  "The option StrictModes specifies whether ssh should check user's permissions in their home directory and rhosts files before accepting login. This option must always be set to yes because sometimes users may accidentally leave their directory or files world-writable."

See also this brief discussion of sshd security options.
0
 
arnoldCommented:
You should have an entry, allowrootlogin or permitrootlogin change it to join, restart ssh and it will deny root login via ssh.
As the prior experts, the setting will allow root to login if/when using dsa/RSA keys in authorized_keys2 containing the public key when ssh-keygen -t (dsa|rsa)
I think depending on your version other ciphers might be available using 1024 bit or larger.
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now