prevent root ssh access
Hello, ok, I want to prevent root access via ssh over the network. Thing is, I need to have
Code:
PermitRootLogin without-password
so I need to find another method. I did find a guide that said
Code:
Edit /etc/securetty comment out everything except for the lines
* console
* tty1
* v/tty1
Thing is, this file is not on my FreeBSD 6.3? Cheers
Why not just set PermitRootLogin no per sshd_config(5)?
Thanks for the replies. The server is running hsphere and so requires that I have
Code:
PermitRootLogin without-password
Cheers
According to http://www.forum.psoft.net/showthread.php?t=23824 you require without-password in order for two hsphere servers to transfer data.
"without-password" means password authentication cannot be used for root sessions, hence some other authentication method must be used. According to the same link, Hsphere uses shared keys. A properly functioning ssh(1) client will not prompt for passwords. Brute force scripts (ssh attacks) don't use real ssh clients and will submit passwords anyway, which sshd(8) will ignore, though it will tell you about them in its logs. Choices:
Last edited by jggimi; 17th December 2009 at 11:02 AM.
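
An added example, not part of any post in this thread: a POSIX sh check that reports which PermitRootLogin value sshd would apply from a config file and whether that value lets root authenticate with a password. It relies on sshd_config's rule that the first value found for a keyword is used; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and the sample config are constructed.
# Assumes whitespace-separated "Keyword value" lines; Match blocks are not evaluated.

# Print the PermitRootLogin value sshd would apply globally, or "unset".
effective_root_login() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
        tolower($1) == "match" { exit }       # later lines are conditional
        tolower($1) == "permitrootlogin" {    # keywords are case-insensitive
            print tolower($2); found = 1; exit   # first value wins
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 if root could authenticate with a password, 1 if sshd refuses it.
root_password_allowed() {
    case "$(effective_root_login "$1")" in
        no|without-password|prohibit-password|forced-commands-only) return 1 ;;
        *) return 0 ;;   # "yes", or unset: check the default of your sshd version
    esac
}

# Write a constructed sample config and print its path.
make_sample_config() {
    f=$(mktemp /tmp/sshd_config.XXXXXX) || return 1
    cat > "$f" <<'EOF'
# constructed sample, not a real server's configuration
Port 22
#PermitRootLogin yes
permitrootlogin without-password
PermitRootLogin yes
EOF
    echo "$f"
}

cfg=$(make_sample_config)
echo "PermitRootLogin: $(effective_root_login "$cfg")"
if root_password_allowed "$cfg"; then
    echo "root password login: possible"
else
    echo "root password login: refused"
fi
rm -f "$cfg"
```

On the sample, the commented-out line and the later `PermitRootLogin yes` are both ignored, so the reported value is `without-password`.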
You cannot change the default port for SSH for hsphere because you're going to need to change it in all the scripts, and some are compiled, so you can't do it.
And if the CP can't talk to the other machines, it's all your setup that's going to stop working. Anyway, with "without-password" the guy needs to have access to your machine first to generate a key to put on his machine, to log in after that. Even with this option you can't log in with the root password directly. If you are concerned about the security of your SSH, your best choice here is to add a firewall to limit access to SSH to have 1 machine behind is to accept SSH.
Oh yeah, true, my bad, I had something else in mind when I wrote that part.