Solved

How do I see man for /etc/ssh/sshd_config file?

Posted on 2016-08-29
4
70 Views
Last Modified: 2016-09-01
I am interested in options to disable remote root access.
I want to know what does these lines mean:

# Authentication:
LoginGraceTime 120
PermitRootLogin without-password
StrictModes yes

Open in new window

System: Debian GNU/Linux 8.5
0
Comment
Question by:Taras Shumylo
4 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 125 total points
ID: 41774563
man sshd_config

If you need further assistance please let us know.
0
 
LVL 11

Assisted Solution

by:andreas
andreas earned 125 total points
ID: 41774568
man sshd_config is working on my distro.

root login only with authentication methods other than password

strictmodes logins only if file permissions on the necessary files are as expected. No others than user should be able to edit.
0
 
LVL 25

Assisted Solution

by:Dr. Klahn
Dr. Klahn earned 125 total points
ID: 41774569
I think you'll find this satisfactory:


# Authentication:
LoginGraceTime 15
PermitRootLogin no
StrictModes yes

Open in new window


Line 1:  Reduces the time allowed to log in to 15 seconds.  Most users should be able to type in their username and password within 15 seconds.  If this is too short, increase it as desired.  The default time of one minute is too long imo; it allows denial of service by a hostile using up limited SSH connections but not logging in.

Line 2:  Disables root logins over SSH entirely.  Anyone wanting to SSH in and use root privileges must su or sudo after logging in unprivileged.

Line 3:  "The option StrictModes specifies whether ssh should check user's permissions in their home directory and rhosts files before accepting login. This option must always be set to yes because sometimes users may accidentally leave their directory or files world-writable."

See also this brief discussion of sshd security options.
0
 
LVL 77

Assisted Solution

by:arnold
arnold earned 125 total points
ID: 41775717
You should have an entry, allowrootlogin or permitrootlogin change it to join, restart ssh and it will deny root login via ssh.
As the prior experts, the setting will allow root to login if/when using dsa/RSA keys in authorized_keys2 containing the public key when ssh-keygen -t (dsa|rsa)
I think depending on your version other ciphers might be available using 1024 bit or larger.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
CentOS create a user with predefined MD5 Hashed password 17 84
How code a 301 redirect for folder files -> 1 file 2 39
Can't ping New Linux Servers 40 65
bash file 10 34
We all know how boring and exhausting it is to transfer huge web projects developed locally to a webserver simply via FTP. The File Transfer Protocol is a really nice solution if you need to transfer small amounts of files, but if you're plannin…
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question