Disabling root login on ssh?
Sina Bahram
sbahram at nc.rr.com
Tue Aug 17 01:55:55 EDT 2004
Ok, let me take a look at that file...and I'll then email you both files if
it doesn't work. I really apppreciate the help.
Take care,
Sina
No trees were destroyed in sending this message; however, a large number of
electrons were terribly inconvenienced.
-----Original Message-----
From: speakup-bounces at braille.uwo.ca [mailto:speakup-bounces at braille.uwo.ca]
On Behalf Of Joseph C. Lininger
Sent: Tuesday, August 17, 2004 1:24 AM
To: Speakup is a screen review system for Linux.
Subject: RE: Disabling root login on ssh?
Hi there,
Two things. First, to fix your problem.
If you send me the following files, I
will take a look at them and provide you with any information you may need
to fix them:
/etc/pam.d/sshd
/etc/ssh/sshd_config
And just to be safe, send me this one as well:
/etc/pam.d/login
Now, to answer your questions about pam.
No, pam has nothing to do with kerberos, accept that pam modules could use
it I guess if you had the right one. Pam stands for plugable authentication
modules, and it is supposed to provide a uniform way for programs to
authenticate users. Programs that are written to support pam can easily
authenticate users according to pam's configuration, and the programs need
not have any knolege of how the authentication takes place. In some cases,
programs that do their own authentication can have their authentication
decisions ignored because of pam. This depends on how the program is
written. For example, if sshd were configured to check with pam for
authentication, whether or not the permitrootlogin setting were honored
would depend on when and how sshd checked it. If pam allowed the
authentication, and sshd just accepted that without any further checks, then
the permitrootlogin setting would make no difference. The good news is that
if this is the case, pam does have a module that allows authentication to be
automatically denied if the user requesting authentication is root.
Ok, I hope that cleared things up a little. I just finished doing some
reading up on pam, so if anyone has any questions, I can probably answer
them. <grin>
--
Joseph C. Lininger
jbahm at pcdesk.net
Note, the following is used for automated processing. Please lieve in tact
if quoting me in a reply.
Verification: 5eab38a77ac40416e075be8f50607ff7
On Mon, 16 Aug 2004, Sina Bahram wrote:
> Wait now...isn't pam a Kerberoes thing?
>
> I'm not sure about that at all, just I thought it was.
>
> I wil however, RTFM, and also RTFG for google *smile*
>
> But honest, I read all the documentation for this disabling root
> thing, and everyone says go do what I did....but I shall look at the
> pam.d sshd file, thank you
>
> Take care,
> Sina
>
> No trees were destroyed in sending this message; however, a large
> number of electrons were terribly inconvenienced.
> -----Original Message-----
> From: speakup-bounces at braille.uwo.ca
> [mailto:speakup-bounces at braille.uwo.ca]
> On Behalf Of Joseph C. Lininger
> Sent: Monday, August 16, 2004 7:27 PM
> To: Speakup is a screen review system for Linux.
> Subject: Re: Disabling root login on ssh?
>
> First, you must restart the sshd process for that to take effect. If
> that doesn't work, then your problem probably has to do with pam. Look
> in your /etc/pam.d directory, in the file called sshd.
> --
> Joseph C. Lininger
> jbahm at pcdesk.net
> Note, the following is used for automated processing. Please lieve
> intact if quoting me in a reply.
> Verification: 5eab38a77ac40416e075be8f50607ff7
> ----- Original Message -----
> From: "Sina Bahram" <sbahram at nc.rr.com>
> To: "'Speakup is a screen review system for Linux.'"
> <speakup at braille.uwo.ca>
> Sent: Monday, August 16, 2004 10:55 AM
> Subject: Disabling root login on ssh?
>
>
>> Hi guys,
>>
>> For some reason I can't get this to work, I uncommented the line in
>> my /etc/ssh/sshd_config file that reads PermitRootLogin yes and
>> changed it to no; however, it still allows me to login as root.
>>
>> What can I do to disable root login via ssh?
>>
>> Take care,
>> Sina
>>
>>
>> _______________________________________________
>> Speakup mailing list
>> Speakup at braille.uwo.ca
>> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>>
>
>
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>
>
>
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>
_______________________________________________
Speakup mailing list
Speakup at braille.uwo.ca
http://speech.braille.uwo.ca/mailman/listinfo/speakup
More information about the Speakup
mailing list