Steven Buehler wrote:
> On 05/09/11 15:18, Steven Buehler wrote:
>> I am trying to setup our servers to only allow logins with a
>> public/private key pair. 2 of our machines have to have root login
>> access with ssh and the rest, we will login as another account and su
>> to root. I just started with this company and on their boxes which
>> range from version 5.1 to 5.5, if I open up the firewall to allow ssh
>> access from anywhere, I can ssh to root without a password. The only
>> uncommented lines in the /etc/ssh/sshd_config are the following:
>>
>> [snip]
>>
>> I'm hoping that someone can lead me in the right direction as I can't
>> figure this one out. If this was only one machine, I would assume
>
> Change / uncomment PermitRootLogin with a value of without-password
>
> I changed the line to read
> PermitRootLogin without-password
>
> It still allows a root login without a password or key.
>
> Protocol 2
> SyslogFacility AUTHPRIV
> PermitRootLogin without-password
> StrictModes yes
> PubkeyAuthentication yes
> PermitEmptyPasswords no
> PasswordAuthentication no
> ChallengeResponseAuthentication no
> GSSAPIAuthentication yes
> GSSAPICleanupCredentials yes
> UsePAM no
Also change that to
UsePAM yes
mark
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
