Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: deny ssh from root - how to?
Top Forums UNIX for Dummies Questions & Answers deny ssh from root - how to? Post 10581 by rwb1959 on Friday 16th of November 2001 03:10:26 PM
Old 11-16-2001
The short answer... YES.

You can simply not set up any "keys" in root's account.
If you can only log into the machine via ssh, only those
authorized users will have ssh capability (as themselves)
and can then "su" to root. Of course, if you have root access,
you can do anything you want including creating a ".ssh"
directory and place your own key into "authorized_keys"
thereby allowing ssh directly to root so you have to
set some policies up to make sure those with root access
do not violate them.
 

10 More Discussions You Might Find Interesting

1. AIX

Deny root rlogin

Hi, I have to forbid root-logins on all my servers, expect from two machines, these 2 machines login with root without a password it was quite easy with ssh, but I have a problem regarding rsh/rlogin, an there are a lot of rsh jobs, so it would take a lot of time to change all this... (4 Replies)
Discussion started by: funksen
4 Replies

2. AIX

Passwordless root authentication via SSH

Hello, I would like to issue a couple of commands as root on a remote machine without having to enter the root password. I used "ssh-keygen -t rsa" to generate the encryption keys, copied the public key to the remote machine, etc. I also tried playing around with the sshd_config file and... (3 Replies)
Discussion started by: sphericon
3 Replies

3. AIX

allow / deny root logins

Hello everyone I have to limit the root logins on my aix box (aix 5.3) I change the value on the /etc/security/user default (login and rlogin) change to false and add to root (rlogin and login = false) I tried in different ways but I got the same. Root still can login I try algo... (6 Replies)
Discussion started by: lo-lp-kl
6 Replies

4. Solaris

Deny root remote login help

I'm attempting to deny a user's ability to login as root through any remote means - ie telnet or ssh. I've read most of the threads that I can find on this site and I've looked at BigAdmin on Sun's site. I have done what has been suggested here and on BigAdmin which is to make sure that the line... (5 Replies)
Discussion started by: gonzotonka
5 Replies

5. Red Hat

How to block ssh via /etc/hosts.deny

Hi.., I am using redhat5 server, i want to know the details about to block ssh via /etc/hosts.deny. Need help immediately (1 Reply)
Discussion started by: thakshina
1 Replies

6. UNIX for Dummies Questions & Answers

Can't SSH as root anymore!

I've screwed something up in my sshd_config apparently, because I can't ssh with root anymore. I had disabled root login for security reasons, but then my ssh credentials with full administrative privelges stopped working. So then I reenabled root login (and reset ssh), but root now isn't... (3 Replies)
Discussion started by: cquarry
3 Replies

7. Solaris

Solaris 8: root can't ssh to other systems.

Hi, The issue is that root can not ssh to a Solaris 8 server: Please help. Thank you in advance! (7 Replies)
Discussion started by: aixlover
7 Replies

8. Solaris

ssh as root

Hi guys. I have two machines and I am using both as root. I need to know , is there a way by which I can ssh from Machine1 to Machine2 without giving the root password for Machine2. I actually need to write a script so that when its executed , it will ssh into another machine and run a... (4 Replies)
Discussion started by: Junaid Subhani
4 Replies

9. Solaris

Passwordless ssh for root

Hi Experts, I am trying to setup passwordless ssh for root between two of my solaris servers(say A & B). I have exchanged the public keys between both servers. Password less ssh working fine while I try to connect from Server A to Server B. However it is still asking password... (6 Replies)
Discussion started by: sai_2507
6 Replies

10. SuSE

Auditors want more security with root to root access via ssh keys

I access over 100 SUSE SLES servers as root from my admin server, via ssh sessions using ssh keys, so I don't have to enter a password. My SUSE Admin server is setup in the following manner: 1) Remote root access is turned off in the sshd_config file. 2) I am the only user of this admin... (6 Replies)
Discussion started by: dvbell
6 Replies

LEARN ABOUT SUSE

ssh-keysign

SSH-KEYSIGN(8)						    BSD System Manager's Manual 					    SSH-KEYSIGN(8)

NAME

     ssh-keysign -- ssh helper program for host-based authentication

SYNOPSIS

     ssh-keysign

DESCRIPTION

     ssh-keysign is used by ssh(1) to access the local host keys and generate the digital signature required during host-based authentication with
     SSH protocol version 2.

     ssh-keysign is disabled by default and can only be enabled in the global client configuration file /etc/ssh/ssh_config by setting
     EnableSSHKeysign to ``yes''.

     ssh-keysign is not intended to be invoked by the user, but from ssh(1).  See ssh(1) and sshd(8) for more information about host-based authen-
     tication.

FILES

     /etc/ssh/ssh_config
	     Controls whether ssh-keysign is enabled.

     /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
	     These files contain the private parts of the host keys used to generate the digital signature.  They should be owned by root, read-
	     able only by root, and not accessible to others.  Since they are readable only by root, ssh-keysign must be set-uid root if host-
	     based authentication is used.

SEE ALSO

     ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)

HISTORY

     ssh-keysign first appeared in OpenBSD 3.2.

AUTHORS

     Markus Friedl <markus@openbsd.org>

BSD
								   May 31, 2007 							       BSD
All times are GMT -4. The time now is 12:41 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy