NOUSER
Rick Stevens
rstevens at internap.com
Tue Aug 14 00:25:22 UTC 2007
On Mon, 2007-08-13 at 19:50 -0400, Michael Klinosky wrote:
> Vivek:
> >> James:
> >> (4) Most distros now ship with disallowing ROOT from directly
> >> SSHing into the box. But there are also other safeguards you can do.
> >> http://www.openssh.com/
>
> > Fedora/RHEL doesn't seem to be among those distros. But thankfully, it
> > is part of our server hardening process.
>
> Are you sure?
>
> I have F7; in sshd_config is this:
> #PermitRootLogin yes
>
> Iow, this must be un-commented to allow root login.
>
> Or, am I missing something here?
The commented-out items in a pristine sshd_config are the default
values. If you check the man page for sshd_config, you'll see:
PermitRootLogin
Specifies whether root can log in using ssh(1). The
argument must be “yes”, “without-password”,
“forced-commands-only” or “no”. The default is “yes”.
So uncomment the line and make it read
PermitRootLogin no
Then "service sshd restart" to make it take effect.
----------------------------------------------------------------------
- Rick Stevens, Principal Engineer rstevens at internap.com -
- CDN Systems, Internap, Inc. http://www.internap.com -
- -
- To err is human, to forgive, beyond the scope of the OS -
----------------------------------------------------------------------
More information about the users
mailing list