Solved

How do I see man for /etc/ssh/sshd_config file?

Posted on 2016-08-29
Last Modified: 2016-09-01
I am interested in options to disable remote root access.
I want to know what these lines mean:

# Authentication:
LoginGraceTime 120
PermitRootLogin without-password
StrictModes yes


System: Debian GNU/Linux 8.5
Question by:Taras Shumylo
4 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 125 total points
ID: 41774563
man sshd_config

If you need further assistance please let us know.
0
 
LVL 12

Assisted Solution

by:andreas
andreas earned 125 total points
ID: 41774568
man sshd_config is working on my distro.

Root login only with authentication methods other than password.

StrictModes: logins only if file permissions on the necessary files are as expected. No one other than the user should be able to edit them.
0
 
LVL 27

Assisted Solution

by:Dr. Klahn
Dr. Klahn earned 125 total points
ID: 41774569
I think you'll find this satisfactory:


# Authentication:
LoginGraceTime 15
PermitRootLogin no
StrictModes yes



Line 1:  Reduces the time allowed to log in to 15 seconds.  Most users should be able to type in their username and password within 15 seconds.  If this is too short, increase it as desired.  The default time of one minute is too long imo; it allows denial of service by a hostile using up limited SSH connections but not logging in.

Line 2:  Disables root logins over SSH entirely.  Anyone wanting to SSH in and use root privileges must su or sudo after logging in unprivileged.

Line 3:  "The option StrictModes specifies whether ssh should check user's permissions in their home directory and rhosts files before accepting login. This option must always be set to yes because sometimes users may accidentally leave their directory or files world-writable."

See also this brief discussion of sshd security options.
0
 
LVL 78

Assisted Solution

by:arnold
arnold earned 125 total points
ID: 41775717
You should have an entry, allowrootlogin or permitrootlogin; change it to join, restart ssh, and it will deny root login via ssh.
As the prior experts said, the setting will allow root to log in if/when using DSA/RSA keys in authorized_keys2 containing the public key when ssh-keygen -t (dsa|rsa)
I think depending on your version other ciphers might be available using 1024 bit or larger.
0
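
An added example, not part of the thread or of OpenSSH: a POSIX sh check of the three directives discussed above, run against the block from the question. The function names `first_value` and `audit_sshd_config` are hypothetical, the sample file is constructed, and the script assumes a single config file with no Include directives.

```shell
#!/bin/sh
# Added example: audit the three directives discussed in this thread.
# Assumptions: plain "Keyword value" lines; Include files are not followed.

# first_value FILE KEYWORD: print the first global value, lowercased.
# sshd uses the first value obtained for a keyword (case-insensitive).
# Parsing stops at the first Match block: later lines are overrides.
first_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        { sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/) }
        tolower(f[1]) == "match" { exit }
        tolower(f[1]) == want    { print tolower(f[2]); exit }
    ' "$1"
}

# audit_sshd_config FILE: one finding per directive; returns 0 only when
# the global settings refuse root logins and nothing else is weakened.
audit_sshd_config() {
    rc=0
    root=$(first_value "$1" PermitRootLogin)
    grace=$(first_value "$1" LoginGraceTime)
    strict=$(first_value "$1" StrictModes)
    case "$root" in
        no)  echo "OK   PermitRootLogin no: no root login over SSH" ;;
        without-password|prohibit-password|forced-commands-only)
             echo "WARN PermitRootLogin $root: root can still log in with a key"; rc=1 ;;
        yes) echo "FAIL PermitRootLogin yes: root login is allowed"; rc=1 ;;
        "")  echo "WARN PermitRootLogin unset: default depends on OpenSSH version"; rc=1 ;;
        *)   echo "WARN PermitRootLogin $root: unrecognised value"; rc=1 ;;
    esac
    case "$grace" in
        0)  echo "FAIL LoginGraceTime 0: unauthenticated connections never time out"; rc=1 ;;
        "") echo "OK   LoginGraceTime unset: built-in default applies" ;;
        *)  echo "OK   LoginGraceTime $grace" ;;
    esac
    case "$strict" in
        no) echo "FAIL StrictModes no: file permission checks are skipped"; rc=1 ;;
        *)  echo "OK   StrictModes ${strict:-yes (default)}" ;;
    esac
    return $rc
}

# Constructed sample: the block from the question, run through the audit.
sample=$(mktemp)
printf '%s\n' '# Authentication:' 'LoginGraceTime 120' \
    'PermitRootLogin without-password' 'StrictModes yes' > "$sample"
audit_sshd_config "$sample" || echo "=> root login is not fully disabled"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration that sshd would use, including defaults and included files, which this file-only check does not see.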
