RE: cant block root login

From: Craig Smith (Craig.Smith_at_reuters.com)
Date: 08/13/04

  • Next message: Michele Chubirka: "RE: cant block root login"
    Date: Fri, 13 Aug 2004 14:57:59 +0100
    To: focus-sun@securityfocus.com
    
    

    Hi,

    OpenSSH will read /etc/default/login if 'UseLogin' is set to 'yes' in
    sshd_config.

    If a line is commented out it indicates this is the default behaviour,
    so you will need to uncomment and change PermitRootLogin to 'No' and
    then either restart sshd, or send a kill -1 to the sshd process (make
    sure you get the right process id....)

    Regards,

    Craig.

    -----Original Message-----
    From: Scott Howard [mailto:scott@sageau.virtual-server.net] On Behalf Of
    Scott Howard
    Sent: 13 August 2004 14:37
    To: Laurence Moughan
    Cc: focus-sun@securityfocus.com
    Subject: Re: cant block root login

    On Tue, Aug 10, 2004 at 11:25:52AM +0100, Laurence Moughan wrote:
    > I have a pile of solaris 8 machines @ 117000-01
    > Hardened and running openssh 3.8.1p1
    > with my /etc/default/login
    > CONSOLE=/dev/console

    OpenSSH doesn't read /etc/default/login (nor does Solaris 9 SSH,
    although Solaris 10 does)

    > and my sshd_config
    > #PermitRootLogin yes

    OK, so it's commented out and thus the default will be in effect.

    > However i can still ssh in and remotly login directly as root.

    So it sounds like the default value for PermitRootLogin is Yes.

    > Clues guys ?

    Put the following in sshd_config and restart sshd : PermitRootLogin No

      Scott

    --------------------------------------------------------------- -
            Visit our Internet site at http://www.reuters.com

    Get closer to the financial markets with Reuters Messaging - for more
    information and to register, visit http://www.reuters.com/messaging

    Any views expressed in this message are those of the individual
    sender, except where the sender specifically states them to be
    the views of Reuters Ltd.


  • Next message: Michele Chubirka: "RE: cant block root login"

    Relevant Pages

    • Re: Putty for SSH access
      ... If you are sure you want to allow direct SSH as root, edit your ... Add or uncomment a line that says "PermitRootLogin ... ....and restart sshd! ...
      (comp.os.linux.networking)
    • RE: cant block root login
      ... issues) with SSHD if you can avoid it. ... so you will need to uncomment and change PermitRootLogin to 'No' and ... Get closer to the financial markets with Reuters Messaging - for more ... sender, except where the sender specifically states them to be ...
      (Focus-SUN)