Re: blocking ssh Root Logins
On Monday 21 March 2005 05:54 pm, Martin McCormick wrote:
> Hal Vaughan and others write:
> >Yes, according to "man sshd_config", you can disable root login by editing
> >the /etc/ssh/sshd_config file. If you see "PermitRootLogin Yes" change
> > the yes to no. If you don't see it, add the line, but with a "no". It's
> > possible the line could be commented out (the default is to permit).
>
> I did actually read the man page and remember seeing something
> about that but I probably failed to kill -HUP sshd, maybe thinking
> that it read that file for every new login. I remember trying it and
> still being able to ssh in as root.

I just do '/etc/init.d/ssh reload' because if I am ssh'ing to the host and
making changes, a 'kill -HUP sshd' will disconnect me from the session.

I have also had a separate sshd running on a different port (with its own
config) while I made changes remotely; that way, if I made a change that would
not allow sshd to be restarted, I would still be able to log in on the
alternate port, fix whatever I had done, and restart the daemon on port 22.
Then I would terminate the second session.
8)
--
sp@mtr@p: croak@shadypond.com
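
The check discussed in this thread, as an added example that is not part of the original messages: a shell function that reports which PermitRootLogin value a config file actually sets, ignoring commented-out lines and taking the first occurrence. The function names and sample files are constructed for illustration; stopping at the first Match block goes slightly beyond what the thread covers.

```shell
#!/bin/sh
# Added example (not from the original thread). Reports the PermitRootLogin
# value set in the global section of an sshd_config-style file.

# Print the first uncommented PermitRootLogin value found before any Match
# block, lower-cased for reporting only, or "unset" when no line sets it and
# sshd's built-in default applies.
root_login_setting() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (!match(line, /[ \t=]+/)) next    # keyword without argument
            key = tolower(substr(line, 1, RSTART - 1))
            val = substr(line, RSTART + RLENGTH)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit             # global section ends here
            if (key == "permitrootlogin") { print tolower(val); found = 1; exit }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeed only when root login is explicitly disabled.
root_login_disabled() {
    [ "$(root_login_setting "$1")" = "no" ]
}

# Constructed sample files covering the cases raised in the thread.
demo_dir=$(mktemp -d)
printf 'Port 22\nPermitRootLogin Yes\n' > "$demo_dir/enabled"
printf 'Port 22\n#PermitRootLogin no\n' > "$demo_dir/commented"
printf 'PermitRootLogin no\nPermitRootLogin yes\n' > "$demo_dir/first_wins"

for f in enabled commented first_wins; do
    printf '%-12s %s\n' "$f" "$(root_login_setting "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

The file on disk only takes effect once sshd has reloaded it, which is the step the thread turns on; running `sshd -t` before the reload checks the file for syntax errors.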