Mailinglist Archive: opensuse-security (220 mails)

< Previous Next >
Disabling remote root login
  • From: "Watson, Michael" <MWatso@xxxxxxxxxx>
  • Date: Tue, 25 Nov 2003 08:21:00 -0600
  • Message-id: <F414F4699FE1CF46B9DB1CE71D04BACB0138EB39@xxxxxxxxxxxxxxxxxxxxxxxxxxx>

I am experimenting with SuSE 9.0 professional and have encountered something
I don't understand.

I have disabled telnet, allowing only ssh for remote logins. Problem is, I
can ssh from Windows using putty to the test computer and login remotely as
root, even though my /etc/securetty includes only entries for tty1 through
tty6. I don't want to allow remote root logins.

I did find a reference elsewhere to a similar problem, which was caused by
/etc/pam.d/login having its lines for and
commented out. I've checked my /etc/pam.d/login, and the relevant lines

auth required
auth required

I was eventually able to disable remote root logins via ssh by setting
"PermitRootLogin" to "no" in /etc/ssh/sshd_config, but I'm still curious why
the settings in securetty don't seem to be working. Can anyone point out
what I'm missing?


Michael Watson

< Previous Next >
Follow Ups