Re: disabling root logins -- HOWTO
/etc/ssh/sshd_config
add PermitRootLogin no
On Wed, 8 Sep 2004 20:03:12 -0500, Will Trillich <will@serensoft.com> wrote:
> we wanted to disable root logins (i.e. make it so that the only
> way to acquire root is via sudo or su after being logged in as a
> valid non-root user -- much better for tracking who's done what).
>
> /etc/pam.d/login contains
>
> # Disallows root logins except on tty's listed in /etc/securetty
> # (Replaces the `CONSOLE' setting from login.defs)
> auth requisite pam_securetty.so
>
> and /etc/securetty contains nothing but comments -- and still we
> could login from Out There (internet anywhere) as root.
>
> aha!
>
> /etc/pam.d/ssh contains instrux for ssh connections, and that's
> what we were using to connect -- ssh!
>
> after copying the above lines into /etc/pam.d/ssh (immediately
> below the
>
> auth required pam_nologin.so
>
> line) all is well.
>
> yesss! suddenly, root can't log in, not even via ssh. and to be
> certain, we still can log in as non-root from wherever, and then
> sudo and su when necessary. delightful!
>
> ===
>
> if there's other intervening traps to look for, we'd like to
> know about it. comments welcome.
>
> --
> I use Debian/GNU Linux version 3.0;
> Linux boss 2.4.18-bf2.4 #1 Son Apr 14 09:53:28 CEST 2002 i586 unknown
>
> DEBIAN NEWBIE TIP #48 from Will Trillich <will@serensoft.com>
> :
> To peruse your CURRENT VIM SETTINGS (there's LOTS of them)
> from within Vim, simply do
> :options
> You can change them there, on-the-fly, as well. Type
> "ctrl-W ctrl-W" to switch "panes" or "ctrl-W q" to close one.
> Try ":help" to learn more.
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
--
Debian
Reply to: