Re: Working sshd_config to restrict root logins to designated hosts



On Dec 4, 5:07 am, mlel...@xxxxxxxxxx (Michael van Elst) wrote:
Nico Kadel-Garcia <nka...@xxxxxxxxx> writes:
* SSH key access is blocked for root.

How can you select (or deny) authentication methods for a specific user?

You could run two ssh daemons on different ports (or IP addresses), one
that forbids SSH keys but only allows root access. And one that
allows SSH keys but forbids root access.

This is a workable technique. It does maintaining two sets of init
scripts and sshd_config files, which is more awkard to deploy.
.



Relevant Pages

  • Re: Working sshd_config to restrict root logins to designated hosts
    ... You could run two ssh daemons on different ports, ... that forbids SSH keys but only allows root access. ...
    (comp.security.ssh)
  • RE: redhat-list Digest, Vol 23, Issue 9
    ... encrypt password for Kickstart ... I would be careful of using the wheel group to allow ssh logins, as admins typically use this group in sudoers file to grant root access for non-root users; granting the wheel group ssh logins as well as root access is essentially allowing root access over ssh anyway; although an outside attacker would at least have to guess the non-root user's id and password. ...
    (RedHat)
  • Re: port forwarding timeouts
    ... I'm fairly conversant with fundamental concepts of Unix ... as well as SSH JB> If it's truely ... >> frequently require remote root access, ...
    (comp.security.ssh)
  • RE: is this an intruder?
    ... granting the wheel group ssh logins as well as root access is ...
    (RedHat)
  • Re: Is OpenSSH 3.5p1 secure?
    ... Do not allow root access over ssh. ... Do allow access over ssh for one and only one user. ... NOTHING is perfectly secure. ...
    (comp.security.ssh)