/etc/ssh/sshd_config add PermitRootLogin no On Wed, 8 Sep 2004 20:03:12 -0500, Will Trillich <[EMAIL PROTECTED]> wrote: > we wanted to disable root logins (i.e. make it so that the only > way to acquire root is via sudo or su after being logged in as a > valid non-root user -- much better for tracking who's done what). > > /etc/pam.d/login contains > > # Disallows root logins except on tty's listed in /etc/securetty > # (Replaces the `CONSOLE' setting from login.defs) > auth requisite pam_securetty.so > > and /etc/securetty contains nothing but comments -- and still we > could login from Out There (internet anywhere) as root. > > aha! > > /etc/pam.d/ssh contains instrux for ssh connections, and that's > what we were using to connect -- ssh! > > after copying the above lines into /etc/pam.d/ssh (immediately > below the > > auth required pam_nologin.so > > line) all is well. > > yesss! suddenly, root can't log in, not even via ssh. and to be > certain, we still can log in as non-root from wherever, and then > sudo and su when necessary. delightful! > > === > > if there's other intervening traps to look for, we'd like to > know about it. comments welcome. > > -- > I use Debian/GNU Linux version 3.0; > Linux boss 2.4.18-bf2.4 #1 Son Apr 14 09:53:28 CEST 2002 i586 unknown > > DEBIAN NEWBIE TIP #48 from Will Trillich <[EMAIL PROTECTED]> > : > To peruse your CURRENT VIM SETTINGS (there's LOTS of them) > from within Vim, simply do > :options > You can change them there, on-the-fly, as well. Type > "ctrl-W ctrl-W" to switch "panes" or "ctrl-W q" to close one. > Try ":help" to learn more. > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > >
-- Debian -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
