-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi,
The first requirement is simple. Add the line PermitRootLogin no or change it accordingly, and reload the SSH daemon. For the second: do you want to disallow any logins via passwords, or are the to be allowed once to set up the keys? The first is easy, with the line PasswordAuthentication no The latter isn't possible, as far as I know, with the vanilla OpenSSH daemon. Regards, /peter Am 17.02.2016 um 15:08 schrieb Tom Browder: > I have several remote Debian 7 servers and would like to secure it > in the following manner: > > 1. root will not be allowed any external access (access is only via > a user becoming root while logged in) > > 2. after initial setup, no ssh access will be allowed via a > password > > I have seen much documentation on securing such a host, but I > don't want to be an expert--I just need a recipe. > > Many thanks. > > Best regards, > > -Tom > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJWxIJrAAoJEM+6Ng5pbtyZc1gP/jjPfucXz7DvaGuAOmiSeKof rBcS+oTU4znY57+whr0cNW+douaH/f7d7Vwcun5b3IUA1EUFHC9G74/CR4bU3XbD aEKeBGIF6eUVw6jE0Sh5aFs6D+AoFePZKurs173azjfgFcveynYv3eSbzWk/e60U KgRwtoSRLQu3wKZLJh/lR4/Ukx+spEvGzGvtc3PdkioT79u3OxdSw/FFm8r0N4qH ifcX2R6hE4HsoVM3QMbEIxhiwbs63+j8Mu0ASfagLsPi1MqKBfLg5Iy1JeV5d1ND plrDFaSRrzfJqNqO8nxwtUxji9ruQ1XkBo3DvdmXc/ZwOiJzNSCM/wvHuTupCq1x gn3WfCEKryAZEmUx092CYFtbTLZ2Bu3A0vOHeFdiC2qGNqB85dicmhpMoouAnzq4 NaWDLJHXB8zdkvUL+zRIkoqACH8sBohogrqbnQAXCtJ+9LRqANdlvKs+F2Dp0eGE GNIU3cscy6RtXYUDVFRFFgwp4oLOx3fE7Lv8EEV8o38KE7v712aNqzsCn8VuirWq KHSoeUPTtD9o/0z4EOXRbMtwEPDgQjsUOHNPR73YNO/EJluNRA7JJ6E2aIkNTF8f RwoWD9GhSi1CKzATn9GuaikejrpVGIFfSvdirVDgTOcuW82wfPiL1yyBhw6Kr2Y4 alA2W8K9y7InpEC1I/Ik =S5IF -----END PGP SIGNATURE-----