RE: cant block root login

From: Craig Smith (Craig.Smith_at_reuters.com)
Date: 08/13/04

  • Next message: Michele Chubirka: "RE: cant block root login"
    Date: Fri, 13 Aug 2004 14:57:59 +0100
    To: focus-sun@securityfocus.com
    
    

    Hi,

    OpenSSH will read /etc/default/login if 'UseLogin' is set to 'yes' in
    sshd_config.

    If a line is commented out it indicates this is the default behaviour,
    so you will need to uncomment and change PermitRootLogin to 'No' and
    then either restart sshd, or send a kill -1 to the sshd process (make
    sure you get the right process id....)

    Regards,

    Craig.

    -----Original Message-----
    From: Scott Howard [mailto:scott@sageau.virtual-server.net] On Behalf Of
    Scott Howard
    Sent: 13 August 2004 14:37
    To: Laurence Moughan
    Cc: focus-sun@securityfocus.com
    Subject: Re: cant block root login

    On Tue, Aug 10, 2004 at 11:25:52AM +0100, Laurence Moughan wrote:
    > I have a pile of solaris 8 machines @ 117000-01
    > Hardened and running openssh 3.8.1p1
    > with my /etc/default/login
    > CONSOLE=/dev/console

    OpenSSH doesn't read /etc/default/login (nor does Solaris 9 SSH,
    although Solaris 10 does)

    > and my sshd_config
    > #PermitRootLogin yes

    OK, so it's commented out and thus the default will be in effect.

    > However i can still ssh in and remotly login directly as root.

    So it sounds like the default value for PermitRootLogin is Yes.

    > Clues guys ?

    Put the following in sshd_config and restart sshd : PermitRootLogin No

      Scott

    --------------------------------------------------------------- -
            Visit our Internet site at http://www.reuters.com

    Get closer to the financial markets with Reuters Messaging - for more
    information and to register, visit http://www.reuters.com/messaging

    Any views expressed in this message are those of the individual
    sender, except where the sender specifically states them to be
    the views of Reuters Ltd.


  • Next message: Michele Chubirka: "RE: cant block root login"