Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How do I see man for /etc/ssh/sshd_config file?

Posted on 2016-08-29
4
Medium Priority
?
104 Views
Last Modified: 2016-09-01
I am interested in options to disable remote root access.
I want to know what does these lines mean:

# Authentication:
LoginGraceTime 120
PermitRootLogin without-password
StrictModes yes

Open in new window

System: Debian GNU/Linux 8.5
0
Comment
Question by:Taras Shumylo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 41774563
man sshd_config

If you need further assistance please let us know.
0
 
LVL 12

Assisted Solution

by:andreas
andreas earned 500 total points
ID: 41774568
man sshd_config is working on my distro.

root login only with authentication methods other than password

strictmodes logins only if file permissions on the necessary files are as expected. No others than user should be able to edit.
0
 
LVL 29

Assisted Solution

by:Dr. Klahn
Dr. Klahn earned 500 total points
ID: 41774569
I think you'll find this satisfactory:


# Authentication:
LoginGraceTime 15
PermitRootLogin no
StrictModes yes

Open in new window


Line 1:  Reduces the time allowed to log in to 15 seconds.  Most users should be able to type in their username and password within 15 seconds.  If this is too short, increase it as desired.  The default time of one minute is too long imo; it allows denial of service by a hostile using up limited SSH connections but not logging in.

Line 2:  Disables root logins over SSH entirely.  Anyone wanting to SSH in and use root privileges must su or sudo after logging in unprivileged.

Line 3:  "The option StrictModes specifies whether ssh should check user's permissions in their home directory and rhosts files before accepting login. This option must always be set to yes because sometimes users may accidentally leave their directory or files world-writable."

See also this brief discussion of sshd security options.
0
 
LVL 80

Assisted Solution

by:arnold
arnold earned 500 total points
ID: 41775717
You should have an entry, allowrootlogin or permitrootlogin change it to join, restart ssh and it will deny root login via ssh.
As the prior experts, the setting will allow root to login if/when using dsa/RSA keys in authorized_keys2 containing the public key when ssh-keygen -t (dsa|rsa)
I think depending on your version other ciphers might be available using 1024 bit or larger.
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question