RE: ssh allowing root login with no password

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx
[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Steven Buehler
Sent: Monday, May 09, 2011 2:19 PM
To: redhat-list@xxxxxxxxxx
Subject: ssh allowing root login with no password

I am trying to set up our servers to only allow logins with a
public/private key pair.  2 of our machines have to have root login
access with ssh and the rest, we will log in as another account and su
to root.  I just started with this company and on their boxes, which
range from version 5.1 to 5.5, if I open up the firewall to allow ssh
access from anywhere, I can ssh to root without a password.  The only
uncommented lines in the /etc/ssh/sshd_config are the following:

Protocol 2
SyslogFacility AUTHPRIV
PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM no
PubkeyAuthentication yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
GatewayPorts yes
X11Forwarding yes
Subsystem       sftp    /usr/libexec/openssh/sftp-server

I'm hoping that someone can lead me in the right direction as I can't
figure this one out.  If this was only one machine, I would assume that
it might have been hacked, but this is all of their servers and VMs
that will allow me to ssh to them without a login/password and get into
root.  Luckily, they have always had their (supposedly anyway) iptables
set to only allow access from specific IPs.

Thanks

Steve

[[Brad Sites]] I would look in /root/.ssh.  I bet they have an
authorized_keys file there along with known_hosts.  That is where I
would start looking.

-Brad 

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
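
Added example, not part of the original thread: a small audit of the two things the messages above point at, the effective PermitRootLogin setting (the posted sshd_config never sets it) and the keys listed in /root/.ssh. The function names are illustrative, and the script assumes the upstream OpenSSH default of PermitRootLogin yes that applies to releases before 7.0.

```bash
#!/bin/bash
# Added example (not from the thread): report what lets root in over ssh.
# Function names are illustrative. Match blocks are not handled.

# Effective PermitRootLogin: sshd uses the first value it reads; when the
# keyword is absent, OpenSSH releases before 7.0 default to "yes" (assumed here).
root_login_setting() {
    [ -r "$1" ] || { echo "unreadable"; return 0; }
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); f = 1; exit }
         END { if (!f) print "yes" }' "$1"
}

# One line per key in an authorized_keys file: type|comment|options
list_keys() {
    [ -r "$1" ] || return 0
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            k = 0
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-)/) { k = i; break }
            if (!k) { print "unparsed||"; next }
            opts = ""; cmt = ""
            for (i = 1; i < k; i++) opts = opts (i > 1 ? " " : "") $i
            for (i = k + 2; i <= NF; i++) cmt = cmt (i > k + 2 ? " " : "") $i
            print $k "|" (cmt == "" ? "(no comment)" : cmt) "|" (opts == "" ? "(no options)" : opts)
        }' "$1"
}

# $1 = sshd_config path, $2 = home directory of the account to audit
audit_account() {
    echo "PermitRootLogin: $(root_login_setting "$1")"
    for f in "$2/.ssh/authorized_keys" "$2/.ssh/authorized_keys2"; do
        list_keys "$f" | while IFS= read -r entry; do echo "$f: $entry"; done
    done
}

# Run as root:  ./audit.sh run
if [ "${1:-}" = "run" ]; then
    audit_account /etc/ssh/sshd_config /root
fi
```

Each key it lists is a credential that can open a root session while PermitRootLogin is anything other than "no"; entries nobody can account for are the ones to remove.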

