|
|
Sponsored Content
Top Forums
UNIX for Dummies Questions & Answers
deny ssh from root - how to?
Post 10594 by PxT on Friday 16th of November 2001 05:53:12 PM
11-16-2001
|
|
10 More Discussions You Might Find Interesting
1. AIX
Hi,
I have to forbid root-logins on all my servers, expect from two machines, these 2 machines login with root without a password
it was quite easy with ssh, but I have a problem regarding rsh/rlogin, an there
are a lot of rsh jobs, so it would take a lot of time to change all this... (4 Replies)
Discussion started by: funksen
4 Replies
2. AIX
Hello,
I would like to issue a couple of commands as root on a remote machine without having to enter the root password. I used "ssh-keygen -t rsa" to generate the encryption keys, copied the public key to the remote machine, etc.
I also tried playing around with the sshd_config file and... (3 Replies)
Discussion started by: sphericon
3 Replies
3. AIX
Hello everyone
I have to limit the root logins on my aix box (aix 5.3)
I change the value on the /etc/security/user
default (login and rlogin) change to false
and add to root (rlogin and login = false)
I tried in different ways but I got the same.
Root still can login
I try algo... (6 Replies)
Discussion started by: lo-lp-kl
6 Replies
4. Solaris
I'm attempting to deny a user's ability to login as root through any remote means - ie telnet or ssh. I've read most of the threads that I can find on this site and I've looked at BigAdmin on Sun's site. I have done what has been suggested here and on BigAdmin which is to make sure that the line... (5 Replies)
Discussion started by: gonzotonka
5 Replies
5. Red Hat
Hi..,
I am using redhat5 server, i want to know the details about to block ssh via /etc/hosts.deny. Need help immediately (1 Reply)
Discussion started by: thakshina
1 Replies
6. UNIX for Dummies Questions & Answers
I've screwed something up in my sshd_config apparently, because I can't ssh with root anymore.
I had disabled root login for security reasons, but then my ssh credentials with full administrative privelges stopped working. So then I reenabled root login (and reset ssh), but root now isn't... (3 Replies)
Discussion started by: cquarry
3 Replies
7. Solaris
Hi, The issue is that root can not ssh to a Solaris 8 server:
Please help. Thank you in advance! (7 Replies)
Discussion started by: aixlover
7 Replies
8. Solaris
Hi guys.
I have two machines and I am using both as root. I need to know , is there a way by which I can ssh from Machine1 to Machine2 without giving the root password for Machine2.
I actually need to write a script so that when its executed , it will ssh into another machine and run a... (4 Replies)
Discussion started by: Junaid Subhani
4 Replies
9. Solaris
Hi Experts,
I am trying to setup passwordless ssh for root between two of my solaris servers(say A & B).
I have exchanged the public keys between both servers.
Password less ssh working fine while I try to connect from Server A to Server B.
However it is still asking password... (6 Replies)
Discussion started by: sai_2507
6 Replies
10. SuSE
I access over 100 SUSE SLES servers as root from my admin server, via ssh sessions using ssh keys, so I don't have to enter a password. My SUSE Admin server is setup in the following manner:
1) Remote root access is turned off in the sshd_config file.
2) I am the only user of this admin... (6 Replies)
Discussion started by: dvbell
6 Replies
LEARN ABOUT DEBIAN
config::model::backend::augeas
Config::Model::Backend::Augeas(3pm) User Contributed Perl Documentation Config::Model::Backend::Augeas(3pm) NAME
Config::Model::Backend::Augeas - Read and write config data through Augeas SYNOPSIS
# model specification with augeas backend { config_class_name => 'OpenSsh::Sshd', # try Augeas and fall-back with custom method read_config => [ { backend => 'augeas' , file => '/etc/ssh/sshd_config', # declare "seq" Augeas elements sequential_lens => [/AcceptEnv AllowGroups [etc]/], }, { backend => 'custom' , # dir hardcoded in custom class class => 'Config::Model::Sshd' } ], # write_config will be written using read_config specifications element => ... } DESCRIPTION
This class provides a way to load or store configuration data through Config::Augeas. This way, the structure and commments of the original configuration file will preserved. To use Augeas as a backend, you must specify the following "read_config" parameters: backend Use "augeas" (or "Augeas")in this case. save Either "backup" or "newfile". See "Constructor" in Config::Augeas for details. file Name of the configuration file. sequential_lens This one is tricky. Set to one when new Augeas list or hash node must be created for each new list or hash element. See "Sequential lens" for details. For instance: read_config => [ { backend => 'augeas' , save => 'backup', file => '/etc/ssh/sshd_config', # declare "seq" Augeas elements sequential_lens => [/AcceptEnv AllowGroups/], }, ], Sequential lens Some configuration files feature data that must be written as list or as hash. Depending on the syntax, Augeas list or hash lenses can be written so that new "container" nodes are required for each new element. For instance, "HostKey" lines can be repeated several times in "sshd_config". Since Augeas must keep track of these several lines, Augeas tree will be written like: /files/etc/ssh/sshd_config/HostKey[1] /files/etc/ssh/sshd_config/HostKey[2] /files/etc/ssh/sshd_config/HostKey[3] and not: /files/etc/ssh/sshd_config/HostKey/1 /files/etc/ssh/sshd_config/HostKey/2 /files/etc/ssh/sshd_config/HostKey/3 The "HostKey" node is created several times. A new hostkey must be added with the following syntax: /files/etc/ssh/sshd_config/HostKey[4] and not: /files/etc/ssh/sshd_config/HostKey/4 So the "HostKey" lens is sequential. The situation is more complex when syntax allow repeated values on several lines. Like: AcceptEnv LC_PAPER LC_NAME LC_ADDRESS AcceptEnv LC_IDENTIFICATION LC_ALL Augeas will have this tree: /files/etc/ssh/sshd_config/AcceptEnv[1]/1 /files/etc/ssh/sshd_config/AcceptEnv[1]/2 /files/etc/ssh/sshd_config/AcceptEnv[1]/3 /files/etc/ssh/sshd_config/AcceptEnv[2]/4 /files/etc/ssh/sshd_config/AcceptEnv[2]/5 Note that the first index between squarekeeps track of how are grouped the "AcceptEnv" data, but the real list index is after the slash. Augeas does not require new elements to create "AcceptEnv[3]". A new element can be added as : /files/etc/ssh/sshd_config/AcceptEnv[2]/6 So this lens is not sequential. The same kind of trouble occurs with hash elements. Some hashes tree are like: /files/etc/foo/my_hash/my_key1 /files/etc/foo/my_hash/my_key2 Others are like: /files/etc/foo/my_hash[1]/my_key1 /files/etc/foo/my_hash[2]/my_key2 Note that a list-like index is used with the hash key. This also depends on the syntax of the configuration file. For instance, "Subsystem" in "sshd_config" can be : Subsystem sftp /usr/lib/openssh/sftp-server Subsystem fooftp /usr/lib/openssh/fooftp-server Subsystem barftp /usr/lib/openssh/barftp-server This (unvalid) sshd configuration is represented by: /files/etc/ssh/sshd_config/Subsystem[1]/sftp /files/etc/ssh/sshd_config/Subsystem[2]/fooftp /files/etc/ssh/sshd_config/Subsystem[3]/barftp Any new Subsystem must be added with: /files/etc/ssh/sshd_config/Subsystem[4]/bazftp In this case, the hash is also sequential. For these examples, the augeas backend declaration must feature: sequential_lens => [qw/HostKey Subsystem/], Augeas backend limitation The structure and element names of the Config::Model tree must match the structure defined in Augeas lenses. I.e. the order of the element declared in Config::Model must match the order required by Augeas lenses. Sometimes, the structure of a file loaded by Augeas starts directly with a list of items. For instance "/etc/hosts" structure starts with a list of lines that specify hosts and IP addresses. The "set_in" parameter specifies an element name in Config::Model root class that will hold the configuration data retrieved by Augeas. Log and trace This module use Log::Log4perl to log debug and info trace with "Data::Read" and "Data::Write" categories. CAVEATS
o Augeas "#comment" nodes are ignored SEE ALSO
o http://augeas.net/ : Augeas project page o Config::Model o Augeas mailing list: http://augeas.net/developers.html o Config::Model mailing list : http://sourceforge.net/mail/?group_id=155650 AUTHOR
Dominique Dumont, <ddumont at cpan dot org@<gt> COPYRIGHT
Copyright (C) 2008-2010 by Dominique Dumont LICENSE
This library is free software; you can redistribute it and/or modify it under the LGPL terms. perl v5.14.2 2012-07-10 Config::Model::Backend::Augeas(3pm)