Re: blocking ssh Root Logins

To: debian-user@lists.debian.org
Subject: Re: blocking ssh Root Logins
From: Pollywog <linux-debian@shadypond.com>
Date: Mon, 21 Mar 2005 18:22:53 +0000
Message-id: <[🔎] 200503211822.53931.linux-debian@shadypond.com>
In-reply-to: <[🔎] 200503211754.j2LHsu9S012670@dc.cis.okstate.edu>
References: <[🔎] 200503211754.j2LHsu9S012670@dc.cis.okstate.edu>

On Monday 21 March 2005 05:54 pm, Martin McCormick wrote:
> Hal Vaughan and others write:
> >Yes, according to "man sshd_config", you can disable root login by editing
> >the /etc/ssh/sshd_config file.  If you see "PermitRootLogin Yes" change
> > the yes to no.  If you don't see it, add the line, but with a "no".  It's
> > possible the line could be commented out (the default is to permit).
>
>  I did actually read the man page and remember seeing something
> about that but I probably failed to kill -HUP sshd, maybe thinking
> that it read that file for every new login.  I remember trying it and
> still being able to ssh in as root.

I just do '/etc/init.d/ssh reload'  because if I am ssh'ing to the host and 
making changes, a 'kill -HUP sshd' will disconnect me from the session.

I have also had a separate sshd running on a different port (with its own 
config) while I made changes remotely, that way if I made a change that would 
not allow sshd to be restarted, I would still be able to login on the 
alternate port, fix whatever I had done, and restart the daemon on port 22.  
Then I would terminate the second session.

8)

-- 
sp@mtr@p: croak@shadypond.com

Reply to:

References:
- Re: blocking ssh Root Logins
  - From: Martin McCormick <martin@dc.cis.okstate.edu>

Prev by Date: DRI with ATI
Next by Date: Re: chkrootkit: Checking `bindshell'... INFECTED (PORTS: 600)
Previous by thread: Re: blocking ssh Root Logins
Next by thread: Re: blocking ssh Root Logins
Index(es):
- Date
- Thread