I have found that using the PermitRootLogin setting in YaST2 doesn't seem
to work. I have emailed support about it and am awaiting a reply. It seems
to be happy to add in the line when the setting is "yes", but simply
deletes the line when you change it, perhaps relying on a default setting
that has changed.
Or maybe I am just going quietly mad. I ended up having to downgrade the
security settings from paranoid to secure because it became pretty much
impossible to get into the box and do anything. Great, except all my admin
is going to have to be remote, and it appears that the only person who can
use sudo under the paranoid setting was root...
Getting into the box via sshd is no problem, and using "sudo command"
rather than "su root" means you don't have to disclose the root password to
administrators, plus what they do is usually caught by the logs. You should
also be able to use "sudo rxvt" over ssh to get a secure root X session as
well, after logging in as a user.
TTFN,
Marco van Beek
-----Original Message-----
From: Geordon VanTassle [SMTP:gvantass@thecoventree.com]
Sent: Tuesday, April 24, 2001 7:25 PM
To: Robert Sweet; suse-security@suse.com
Subject: Re: [suse-security] sshd lets root login! Bug?
It's just a configuration thing.
grep RootLogin /etc/ssh/sshd_config
On my firewall, I have PermitRootLogin set to no and I cannot ssh to it as
root. However, I *can* ssh as $USER and then su to root.
HTH
----- Original Message -----
From: "Robert Sweet"
How can we ssh into a box when root login is disabled? We have Marc Heuse's New Firewall script running on a 7.1 Suse box using the 2.4 kernel. Here are the open ports:

Starting nmap V. 2.53 by fyodor@insecure.org ( www.insecure.org/nmap/ )
Interesting ports on YaddaYaddaYadda (XXXXXXXXXXX):
(The 1516 ports scanned but not shown below are in state: filtered)
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
25/tcp     closed      smtp
53/tcp     open        domain
80/tcp     open        http
113/tcp    closed      auth
123/tcp    closed      ntp

Here is root logged on my friend's box locally and me logged in as root using ssh:

root     tty1     Apr 21 11:34
root     tty2     Apr 21 11:38
root     pts/0    Apr 21 11:35 (My.Box.At.Home)
root     pts/1    Apr 21 11:54 (My.Box.At.Home)

Here is the output of /etc/securetty on the bad box:

tty1
tty2
tty3
tty4
tty5
tty6
# for devfs:
vc/1
vc/2
vc/3
vc/4
vc/5
vc/6

Any help on this one would be appreciated. We have shut down sshd for now.

Thanks
--
rsweet@socal.rr.com
"unix soit qui mal y pense."
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
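The thread turns on two facts: root logins over ssh are governed by sshd's PermitRootLogin directive, not by /etc/securetty (which login(1)/pam_securetty consult for local ttys), and a PermitRootLogin line that is simply deleted, as Marco describes YaST2 doing, does not mean "no": sshd falls back to its compiled-in default, which was "yes" in OpenSSH before 7.0 and is "prohibit-password" from 7.0 on. The script below is an added example, not code from any poster in this thread. It parses an sshd_config from stdin the way sshd does (first occurrence of a keyword wins, keywords and values are case-insensitive, "Key=value" is accepted) and reports the value sshd would actually use; it does not handle Match blocks, and the two sample configs are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from any message in this thread): report the
# *effective* PermitRootLogin of an sshd_config, treating a missing
# directive as the compiled-in default instead of as "no".
#
# Assumptions: sshd honours the first occurrence of a keyword and ignores
# later duplicates; keywords and PermitRootLogin values are case-insensitive;
# "Keyword=value" is accepted as well as "Keyword value". Match blocks are
# not handled, and the sample configs below are constructed for this demo.

# effective_permit_root_login DEFAULT
#   Reads an sshd_config on stdin and prints the value sshd would use.
#   DEFAULT is what to assume when the directive is absent:
#   "yes" for OpenSSH before 7.0, "prohibit-password" for 7.0 and later.
effective_permit_root_login() {
    default=$1
    value=$(awk '
        /^[[:space:]]*#/ { next }                       # comment line
        NF == 0          { next }                       # blank line
        {                                               # normalise "Key=value"
            sub(/^[[:space:]]+/, "")
            sub(/[[:space:]]*=[[:space:]]*/, " ")
            $0 = $0
        }
        tolower($1) == "permitrootlogin" { print tolower($2); exit }  # first wins
    ')
    if [ -n "$value" ]; then
        echo "$value"
    else
        echo "$default"     # directive absent: the daemon default applies
    fi
}

# Constructed sample: YaST2 left an explicit line in place.  The second
# PermitRootLogin line is there only to show that sshd ignores duplicates.
config_with_directive() {
    cat <<'EOF'
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
PermitRootLogin no
EOF
}

# Constructed sample: the same file after the directive was deleted.
# Only a commented-out copy remains, which sshd does not read.
config_without_directive() {
    cat <<'EOF'
# sshd_config (constructed sample)
Port 22
#PermitRootLogin no
EOF
}

# Show what "deleting the line" means under each daemon default.
for default in yes prohibit-password; do
    printf 'default=%-17s explicit line -> %s\n' "$default" \
        "$(config_with_directive | effective_permit_root_login "$default")"
    printf 'default=%-17s line deleted  -> %s\n' "$default" \
        "$(config_without_directive | effective_permit_root_login "$default")"
done
```

On an OpenSSH of the 2001 era the "line deleted" case resolves to "yes", which is exactly the situation Robert reports. On a live host with OpenSSH 5.1 or later, `sshd -T` (run as root) prints the daemon's own view of the effective configuration and is the authoritative check; the parser above is for auditing config files offline.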