Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

To: debian-user@lists.debian.org
Subject: Re: Debian security: need recipe for blocking root ssh access AND all ssh password access
From: Peter Ludikovsky <peter@ludikovsky.name>
Date: Wed, 17 Feb 2016 15:23:39 +0100
Message-id: <[🔎] 56C4826B.2080108@ludikovsky.name>
In-reply-to: <[🔎] CAFMGiz9e10ugawRLti+SGjfZu4XHHXZKkG=n0mcR6XniPRvp5Q@mail.gmail.com>
References: <[🔎] CAFMGiz9e10ugawRLti+SGjfZu4XHHXZKkG=n0mcR6XniPRvp5Q@mail.gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

The first requirement is simple. Add the line
  PermitRootLogin no
or change it accordingly, and reload the SSH daemon.

For the second: do you want to disallow any logins via passwords, or
are the to be allowed once to set up the keys? The first is easy, with
the line
  PasswordAuthentication no
The latter isn't possible, as far as I know, with the vanilla OpenSSH
daemon.

Regards,
/peter

Am 17.02.2016 um 15:08 schrieb Tom Browder:
> I have several remote Debian 7 servers and would like to secure it
> in the following manner:
> 
> 1. root will not be allowed any external access (access is only via
> a user becoming root while logged in)
> 
> 2. after initial setup, no ssh access will be allowed via a
> password
> 
> I have seen much documentation on securing such a host, but I
> don't want to be an expert--I just need a recipe.
> 
> Many thanks.
> 
> Best regards,
> 
> -Tom
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQIcBAEBAgAGBQJWxIJrAAoJEM+6Ng5pbtyZc1gP/jjPfucXz7DvaGuAOmiSeKof
rBcS+oTU4znY57+whr0cNW+douaH/f7d7Vwcun5b3IUA1EUFHC9G74/CR4bU3XbD
aEKeBGIF6eUVw6jE0Sh5aFs6D+AoFePZKurs173azjfgFcveynYv3eSbzWk/e60U
KgRwtoSRLQu3wKZLJh/lR4/Ukx+spEvGzGvtc3PdkioT79u3OxdSw/FFm8r0N4qH
ifcX2R6hE4HsoVM3QMbEIxhiwbs63+j8Mu0ASfagLsPi1MqKBfLg5Iy1JeV5d1ND
plrDFaSRrzfJqNqO8nxwtUxji9ruQ1XkBo3DvdmXc/ZwOiJzNSCM/wvHuTupCq1x
gn3WfCEKryAZEmUx092CYFtbTLZ2Bu3A0vOHeFdiC2qGNqB85dicmhpMoouAnzq4
NaWDLJHXB8zdkvUL+zRIkoqACH8sBohogrqbnQAXCtJ+9LRqANdlvKs+F2Dp0eGE
GNIU3cscy6RtXYUDVFRFFgwp4oLOx3fE7Lv8EEV8o38KE7v712aNqzsCn8VuirWq
KHSoeUPTtD9o/0z4EOXRbMtwEPDgQjsUOHNPR73YNO/EJluNRA7JJ6E2aIkNTF8f
RwoWD9GhSi1CKzATn9GuaikejrpVGIFfSvdirVDgTOcuW82wfPiL1yyBhw6Kr2Y4
alA2W8K9y7InpEC1I/Ik
=S5IF
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: Debian security: need recipe for blocking root ssh access AND all ssh password access
  - From: Tom Browder <tom.browder@gmail.com>

References:
- Debian security: need recipe for blocking root ssh access AND all ssh password access
  - From: Tom Browder <tom.browder@gmail.com>

Prev by Date: Re: Debian security: need recipe for blocking root ssh access AND all ssh password access
Next by Date: Re: Debian security: need recipe for blocking root ssh access AND all ssh password access
Previous by thread: Re: Debian security: need recipe for blocking root ssh access AND all ssh password access
Next by thread: Re: Debian security: need recipe for blocking root ssh access AND all ssh password access
Index(es):
- Date
- Thread