
Re: blocking ssh Root Logins



Pollywog writes:
>I just do '/etc/init.d/ssh reload'  because if I am ssh'ing to the host and 
>making changes, a 'kill -HUP sshd' will disconnect me from the session.

	On a multiuser box, I bet that nicely whacks every other
session including mine so thanks for saving me trouble later down the
line. :-)

	I tried /etc/init/ssh reload

and it worked without disruption.  The other little wrinkle that can
look a bit confusing is found in the man page for sshd.
________________________________________________________________________

     PermitRootLogin
	     Specifies whether the root can log in using ssh(1).  The argument
	     must be ``yes'', ``without-password'' or ``no''.  The default is
	     ``yes''.  If this options is set to ``without-password'' only
	     password authentication is disabled for root.
________________________________________________________________________

	If you just put ``NO'', the reload generates a squawk, but
``without-password'' had the effect of making the root password not
work for a direct root login just like the manual said.  It worked
properly for serial port logins and probably works okay for the
console as well as if one uses su -.  I think I might have also
thought that without-password meant the root shell was wide open and
you didn't need a password to get in.  It's safe to say that that
wouldn't be a desirable configuration on an Internet-connected box.

Martin McCormick WB5AGZ  Stillwater, OK 
OSU Information Technology Division Network Operations Group
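
An added example, not part of the original message: a pre-reload check that reads an sshd_config-style file and reports what its PermitRootLogin line means, using the three values from the man page excerpt above. The function names and the sample file are constructed for illustration, and the parser assumes whitespace-separated "keyword value" lines.

```shell
#!/bin/sh
# Added example: classify PermitRootLogin before reloading sshd.

# Print the first global PermitRootLogin argument. sshd uses the first value
# it obtains for a keyword, and keywords are case-insensitive. Parsing stops
# at the first Match block, which only holds conditional overrides.
root_login_value() {
    awk '
        /^[ \t]*#/                      { next }           # skip comment lines
        tolower($1) == "match"           { exit }
        tolower($1) == "permitrootlogin" { print $2; exit }
    ' "$1"
}

# Map the value to its effect on direct root logins over ssh.
# Arguments are case-sensitive, so "NO" is rejected rather than read as "no".
root_login_verdict() {
    value=$(root_login_value "$1")
    case "$value" in
        "")               echo "unset-uses-default" ;;   # "yes" per the excerpt above
        yes)              echo "root-password-allowed" ;;
        without-password) echo "root-keys-only" ;;        # password auth off for root
        no)               echo "root-denied" ;;
        *)                echo "invalid:$value" ;;
    esac
}

# Constructed sample input, not taken from any real host.
sample=$(mktemp)
printf 'Port 22\nPermitRootLogin NO\n' > "$sample"
echo "verdict: $(root_login_verdict "$sample")"
rm -f "$sample"
```

Later OpenSSH releases accept further values for this keyword that the excerpt above does not list; extend the case statement to match the man page on the host being checked.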


