Enable SSH for root over certain network connection of a server...is it possible?
Hi - I have a SUSE Enterprise Linux Server V9 that I have an issue with. Policy says that root connectivity via ssh needs to be disabled. So, to do that, I made the following change in the sshd_config section:
```
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
```
The issue is that a utility that the vendor uses uses root to connect via ssh across the two servers in our configuration to collect logging and reporting information. When I disable root login in sshd_config, it breaks their utility. I asked why they would have it run as root and not as some privileged account...but I have not received an answer yet. In our configuration, we have 3 networks (2 are private networks and 1 is connectivity to the corporate network.) My question: is it possible to disable root login via ssh for some network segments but not others?
Only by running separate sshds on all network interfaces.
The better way to do this is AllowRootLogin without-password or AllowRootLogin forced-commands-only, then generate a public/private keypair for the vendor and restrict what they can do with the "command" option in ~root/.ssh/authorized_keys.
The best solutions are usually the simpler ones:
Have the vendor use a different id than root. If not possible, use an ssh key as mentioned by geekosaur. You can even restrict that key usage to the specific script that needs to be run.
-Laurent
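The key restriction both replies describe, as an added example that is not part of the original thread: a forced-command gate for root's authorized_keys, used with the `PermitRootLogin` directive from the original post's config set to `forced-commands-only`. The gate path, the vendor tool paths, the peer address and the key are hypothetical placeholders, since the thread does not name the vendor's commands.

```shell
#!/bin/sh
# Added example (not from the thread): forced-command gate for the vendor's root key.
# Assumed, hypothetical names: /usr/local/sbin/vendor-gate, /opt/vendor/bin/collect-*.
#
# /etc/ssh/sshd_config:
#   PermitRootLogin forced-commands-only
#
# ~root/.ssh/authorized_keys, one line (192.0.2.10 and the key are placeholders):
#   from="192.0.2.10",command="/usr/local/sbin/vendor-gate",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <VENDOR_PUBLIC_KEY> vendor-collector

# gate_decide CMD: print CMD and return 0 if it is on the allowlist, else return 1.
gate_decide() {
    case $1 in
        /opt/vendor/bin/collect-logs|/opt/vendor/bin/collect-report)
            printf '%s\n' "$1"; return 0 ;;
        "/opt/vendor/bin/collect-logs --days "*)
            # The only accepted argument is a plain decimal number.
            days=${1#"/opt/vendor/bin/collect-logs --days "}
            case $days in
                ''|*[!0-9]*) return 1 ;;
            esac
            printf '%s\n' "$1"; return 0 ;;
    esac
    return 1   # anything else, including an empty command (interactive login)
}

# Enforce only when installed under the assumed name, so the function can be
# sourced and tested without side effects.
if [ "${0##*/}" = "vendor-gate" ]; then
    peer=${SSH_CONNECTION%% *}
    if run=$(gate_decide "${SSH_ORIGINAL_COMMAND:-}"); then
        logger -p auth.info -t vendor-gate "allow from $peer: $run"
        # Unquoted on purpose: split into argv. Safe because gate_decide only
        # passes fixed paths plus digits (no glob or shell metacharacters).
        exec $run
    fi
    logger -p auth.warning -t vendor-gate "deny from $peer: ${SSH_ORIGINAL_COMMAND:-<none>}"
    echo "vendor-gate: command not permitted" >&2
    exit 1
fi
```

sshd places whatever the client asked to run in `SSH_ORIGINAL_COMMAND` and runs the `command=` program instead, so the gate sees every request made with that key. The `from=` option ties the key to the vendor's peer address on the private network.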