Mailinglist Archive: opensuse-security (220 mails)

Re: [suse-security] Disabling remote root login
  • From: Quintin Womack <qwomack@xxxxxxxxxxxxx>
  • Date: Tue, 25 Nov 2003 14:32:15 -0500 (GMT-05:00)
  • Message-id: <22437195.1069788755943.JavaMail.root@xxxxxxxxxxxxxxxxxxxxxxxxxxx>

"auth required /lib/security/ item=user sense=allow file=/etc/sshusers onerr=succeed"
to /etc/pam.d/sshd
touch /etc/sshusers
chmod 500 /etc/sshusers
Add "username" to /etc/sshusers where username is the authorized user you would want to be able to log in.

Hope this helps.

Quintin Womack

-----Original Message-----
From: "Watson, Michael" <MWatso@xxxxxxxxxx>
Sent: Nov 25, 2003 9:21 AM
To: "'suse-security@xxxxxxxx'" <suse-security@xxxxxxxx>
Subject: [suse-security] Disabling remote root login


I am experimenting with SuSE 9.0 professional and have encountered something
I don't understand.

I have disabled telnet, allowing only ssh for remote logins. Problem is, I
can ssh from Windows using putty to the test computer and log in remotely as
root, even though my /etc/securetty includes only entries for tty1 through
tty6. I don't want to allow remote root logins.

I did find a reference elsewhere to a similar problem, which was caused by
/etc/pam.d/login having its lines for and
commented out. I've checked my /etc/pam.d/login, and the relevant lines

auth required
auth required

I was eventually able to disable remote root logins via ssh by setting
"PermitRootLogin" to "no" in /etc/ssh/sshd_config, but I'm still curious why
the settings in securetty don't seem to be working. Can anyone point out
what I'm missing?


Michael Watson
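
As an added example (not part of either message), this shell audit checks the two controls the thread mentions, PermitRootLogin in sshd_config and the user allow-list rule in /etc/pam.d/sshd, and flags the fail-open case created by onerr=succeed. The module name is missing from the archived line, so the example assumes pam_listfile semantics for item, sense, file and onerr; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit copies of sshd_config and the sshd PAM file for the
# two root-login controls in this thread. Function names are hypothetical.

# Print the effective PermitRootLogin value; sshd uses the first occurrence.
permit_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); f = 1; exit }
         END { if (!f) print "unset" }' "$1"
}

# Describe the user allow-list rule found in PAM file $1.
# Assumption: pam_listfile semantics for item/sense/file/onerr.
allowlist_findings() {
    rule=$(awk '$1 == "auth" && /item=user/ && /sense=allow/ { print; exit }' "$1")
    if [ -z "$rule" ]; then echo "no-rule"; return 0; fi
    list=$(printf '%s\n' "$rule" | sed -n 's/.*file=\([^[:space:]"]*\).*/\1/p')
    onerr=fail
    case "$rule" in *onerr=succeed*) onerr=succeed ;; esac
    # A missing list is an error, so onerr decides: succeed lets everyone in.
    if [ ! -f "$list" ]; then echo "list-error-onerr-$onerr"; return 0; fi
    if grep -qx 'root' "$list"; then echo "root-listed"; else echo "root-not-listed"; fi
}

# Return 0 if remote root login is blocked by either control, 1 otherwise.
# The allow-list only covers logins that pass through the PAM auth stack.
root_ssh_blocked() {
    [ "$(permit_root_login "$1")" = "no" ] && return 0
    case "$(allowlist_findings "$2")" in
        root-not-listed|list-error-onerr-fail) return 0 ;;
    esac
    return 1
}

# Constructed sample files (module name pam_listfile.so is an assumption).
demo() {
    d=$(mktemp -d)
    printf 'PermitRootLogin yes\n' > "$d/sshd_config"
    printf 'alice\n' > "$d/sshusers"
    printf 'auth required pam_listfile.so item=user sense=allow file=%s onerr=succeed\n' \
        "$d/sshusers" > "$d/pam_sshd"
    echo "list present: $(allowlist_findings "$d/pam_sshd")"
    rm "$d/sshusers"
    echo "list deleted: $(allowlist_findings "$d/pam_sshd")"
    if root_ssh_blocked "$d/sshd_config" "$d/pam_sshd"; then echo "root blocked"; else echo "root NOT blocked"; fi
    rm -r "$d"
}
demo
```

Run it as root or against copies of the files, since a list with mode 500 is unreadable to other users.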
