Re: blocking ssh Root Logins
On Mon, Mar 21, 2005 at 11:54:56AM -0600, Martin McCormick wrote:
> Hal Vaughan and others write:
> >Yes, according to "man sshd_config", you can disable root login by editing
> >the /etc/ssh/sshd_config file. If you see "PermitRootLogin Yes" change the
> >yes to no. If you don't see it, add the line, but with a "no". It's
> >possible the line could be commented out (the default is to permit).
> I did actually read the man page and remember seeing something
> about that but I probably failed to kill -HUP sshd, maybe thinking
> that it read that file for every new login. I remember trying it and
> still being able to ssh in as root.
PAM will still allow root logins even if PermitRootLogin No is in the
sshd_config file. You either need UsePAM No also in the config file, or
configure PAM for ssh to deny root logins.
--
Rob
Reply to: