Re: able to login as root via ssh :-(

Todd Zullinger wrote:
Don Russell wrote:
FC5
openssh-4.3p2-4

I was surprised to find that I can log in as root via ssh from my Windows machine to my FC5 box.

Why?  Just curious what made you believe it was disabled by default.

Well.... just ignorance on my part.... but ftp doesn't allow me to log in as root, and I don't recall changing that setting. Call it "I expected any form of remote access to be consistent in denying root access". Of course they are different programs (ftp server/ssh server)... and I always see messages that say "... ssh in, then su - to root...." sort of implies that ssh to root directly won't work. But again, a bad assumption on my part. :-(


I've always used ssh to log in as a user then 'su -' ....

I don't see anything in /etc/ssh/sshd_config to prevent that, or
enable it for that matter?

Line 39 in the default /etc/ssh/sshd_config:

#PermitRootLogin yes

The comments at the top indicate that commented values should
represent the defaults.

Now that it's pointed out to me, of course I see that. :-) Thank you.
One of these days I will learn how to do a case-insensitive search in vim :-( I did /root and of course it came up empty... so I figured there must have been some other place...

What do I need to change so root can't be logged in via ssh? Or is
it letting me because it recognizes a key?

Uncomment the above line and change yes to no.

You might also want to disable password based authentication and only
allow a few explicit users.  See PasswordAuthentication and AllowUsers
in the sshd_config(5) man page.

That's a good idea.... I'm the only one that needs remote access.... and my logs are always showing people "knocking at the door" sometimes hundreds a day.


Thanks... now, if only it wouldn't bother asking for a password when the userid is 'root'.. like ftp simply denies the request right there. But, at least that little door is closed now. :-)


--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
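
An added example, not part of the original thread: a small audit of the three sshd_config settings discussed above, treating commented lines as documentation of the default and matching keywords case-insensitively. The default values, the sample files, the user name "don" and the function names are assumptions made for the illustration.

```python
# Assumed defaults, taken from the commented lines of the stock file in the thread.
DEFAULTS = {"permitrootlogin": "yes", "passwordauthentication": "yes", "allowusers": ""}

# Constructed sample: stock file, everything still commented out.
STOCK = """\
#PermitRootLogin yes
#PasswordAuthentication yes
"""

# Constructed sample: hardened as suggested in the thread ("don" is a placeholder).
HARDENED = """\
#PermitRootLogin yes
permitrootlogin no
PasswordAuthentication no
AllowUsers don
PermitRootLogin yes
"""

def effective_settings(text):
    """Return the effective global value of each keyword in DEFAULTS."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented line only documents the default
        parts = line.split(None, 1)
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":
            break  # conditional blocks are out of scope for this check
        value = parts[1].strip() if len(parts) > 1 else ""
        seen.setdefault(key, value)  # sshd keeps the first value it obtains
    return {k: seen.get(k, default) for k, default in DEFAULTS.items()}

def findings(text):
    """List the settings from the thread that are still at a permissive value."""
    eff = effective_settings(text)
    out = []
    if eff["permitrootlogin"] != "no":
        out.append("PermitRootLogin is %s" % eff["permitrootlogin"])
    if eff["passwordauthentication"] != "no":
        out.append("PasswordAuthentication is %s" % eff["passwordauthentication"])
    if not eff["allowusers"]:
        out.append("AllowUsers is not set")
    return out

if __name__ == "__main__":
    for name, cfg in (("stock", STOCK), ("hardened", HARDENED)):
        print(name, findings(cfg) or "ok")
```

To check a real file, pass its contents to `findings()`, for example `findings(open("/etc/ssh/sshd_config").read())`.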