SP_2018 .
asked on
SSH to servers
Hi,
I have a security related question on Linux Ubuntu.
Can we remove sudo access to root console for power users.
But still allow admin to ssh to the servers with root password.
As a security measure is it a good idea to disable root access to everyone if connecting to servers remotely.
Thanks
I have a security related question on Linux Ubuntu.
Can we remove sudo access to root console for power users.
But still allow admin to ssh to the servers with root password.
As a security measure is it a good idea to disable root access to everyone if connecting to servers remotely.
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I like serialband's answer. While both answers above will do you you want, I agree that Ubuntu has a security model that you would be breaking if you went with David's method. But David's method will work too. My concern would be that if you do David's method, and later someone else has to manage that machine, they may not be aware of the change and wonder why things are not working correctly.
If it is your machine only, you can go either way, but you might want to make a note of the change so sometime later, you will know why Sudu stopped working.
If it is your machine only, you can go either way, but you might want to make a note of the change so sometime later, you will know why Sudu stopped working.
Normally you would not allow root access at all.
(the root user is anonymous....) it would be better to use a "regular" account and only do privileged task using "sudo".
Ubuntu is dereived from Debian, which always has had this model.
IMO, follow serialbands recommendations on this.
(the root user is anonymous....) it would be better to use a "regular" account and only do privileged task using "sudo".
Ubuntu is dereived from Debian, which always has had this model.
IMO, follow serialbands recommendations on this.
This is easy, just remove users from the sudo config + they won't be able to run sudo commands anymore.
How exactly your sudo users config is laid out is Distro dependent.
2) But still allow admin to ssh to the servers with root password.
So long at the admin user logs in as root or has a sudo users entry allowing them to sudo, this will work.
3) As a security measure is it a good idea to disable root access to everyone if connecting to servers remotely.
Some people say yes.
To me just use a strong, unique password + hacking into ssh is near impossible, so I prefer to just login to all my machines + LXD containers as root.
Caveat: If you're unused to running with root sessions, keep in mind... with many commands... there's no way to recover from inputing the wrong command at the wrong place... For example...
Open in new window
Will destroy your system + require a fresh install.
I've seen someone actually do this + it's a mess.