Todd Zullinger wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Don Russell wrote:
I was surprised to find that I can log in as root via ssh from my
Windows machine to my FC5 box.
Why? Just curious what made you believe it was disabled by default.
Well.... just ignorance on my part.... but ftp doesn't allow me log in
as root, and I don't recall changing that setting. Call it "I expected
any form of remote access to be consistent in denying root access". Of
course they are different programs (ftp server/ssh server)... and I
always see messages that say "... ssh in, then su - to root...." sort of
implies that ssh to root directly won't work. But again, abad assumption
on my part. :-(
I've always used ssh to log in as a user then 'su -' ....
I don't see anything in /etc/ssh/sshd_config to prevent that, or
enable it for that matter?
Line 39 in the default /etc/ssh/sshd_config:
The comments at the top indicate that commented values should
represent the defaults.
Now that it's pointed out to me, of course I see that. :-) Thank you.
One of these days I will learn how to do a case-insensitive search in
I did /root and of course it came up empty... so I figured there must
have been some other place...
What do I need to change so root can't be logged in via ssh? Or is
it letting me because it recognizes a key?
Uncomment the above line and change yes to no.
You might also want to disable password based authentication and only
allow a few explicit users. See PasswordAuthentication and AllowUsers
in the sshd_config(5) man page.
That's a good idea.... I'm the only one that needs remote access.... and
my logs are always showing people "knocking at the door" sometimes
hundreds a day.
Thanks... now, if only it wouldn't bother asking for a password when the
userid is 'root'.. like ftp simply denies the request right there. But,
at least that little door is closed now. :-)