Disabling root login on ssh?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi there,
Two things. First, to fix your problem.
If you send me the following files, I 
will take a look at them and provide you with any information you may 
need to fix them:

/etc/pam.d/sshd
/etc/ssh/sshd_config

And just to be safe, send me this one as well:

/etc/pam.d/login

Now, to answer your questions about pam.
No, pam has nothing to do with kerberos, accept that pam modules could 
use it I guess if you had the right one. Pam stands for plugable 
authentication modules, and it is supposed to provide a uniform way for 
programs to authenticate users. Programs that are written to support pam 
can easily authenticate users according to pam's configuration, and the 
programs need not have any knolege of how the authentication takes 
place. In some cases, programs that do their own authentication can have 
their authentication decisions ignored because of pam. This depends 
on how the program is written. For example, if sshd were configured to 
check with pam for authentication, whether or not the permitrootlogin 
setting were honored would depend on when and how sshd checked it. If 
pam allowed the authentication, and sshd just accepted that without any 
further checks, then the permitrootlogin setting would make no 
difference. The good news is that if this is the case, pam does have a 
module that allows authentication to be automatically denied if the user 
requesting authentication is root.

Ok, I hope that cleared things up a little. I just finished doing some 
reading up on pam, so if anyone has any questions, I can probably answer 
them. <grin>
-- 
Joseph C. Lininger
jbahm at pcdesk.net
Note, the following is used for automated processing. Please lieve in 
tact if quoting me in a reply.
Verification: 5eab38a77ac40416e075be8f50607ff7

On Mon, 16 Aug 2004, Sina Bahram wrote:

> Wait now...isn't pam a Kerberoes thing?
>
> I'm not sure about that at all, just I thought it was.
>
> I wil however, RTFM, and also RTFG for google *smile*
>
> But honest, I read all the documentation for this disabling root thing, and
> everyone says go do what I did....but I shall look at the pam.d sshd file,
> thank you
>
> Take care,
> Sina
>
> No trees were destroyed in sending this message; however, a large number of
> electrons were terribly inconvenienced.
> -----Original Message-----
> From: speakup-bounces at braille.uwo.ca [mailto:speakup-bounces at braille.uwo.ca]
> On Behalf Of Joseph C. Lininger
> Sent: Monday, August 16, 2004 7:27 PM
> To: Speakup is a screen review system for Linux.
> Subject: Re: Disabling root login on ssh?
>
> First, you must restart the sshd process for that to take effect. If that
> doesn't work, then your problem probably has to do with pam. Look in your
> /etc/pam.d directory, in the file called sshd.
> --
> Joseph C. Lininger
> jbahm at pcdesk.net
> Note, the following is used for automated processing. Please lieve intact if
> quoting me in a reply.
> Verification: 5eab38a77ac40416e075be8f50607ff7
> ----- Original Message -----
> From: "Sina Bahram" <sbahram at nc.rr.com>
> To: "'Speakup is a screen review system for Linux.'"
> <speakup at braille.uwo.ca>
> Sent: Monday, August 16, 2004 10:55 AM
> Subject: Disabling root login on ssh?
>
>
>> Hi guys,
>>
>> For some reason I can't get this to work, I uncommented the line in my
>> /etc/ssh/sshd_config file that reads PermitRootLogin yes and changed it to
>> no; however, it still allows me to login as root.
>>
>> What can I do to disable root login via ssh?
>>
>> Take care,
>> Sina
>>
>>
>> _______________________________________________
>> Speakup mailing list
>> Speakup at braille.uwo.ca
>> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>>
>
>
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>
>
>
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>




[Index of Archives]     [Linux for the Blind]     [Fedora Discussioin]     [Linux Kernel]     [Yosemite News]     [Big List of Linux Books]
  Powered by Linux