Hello Jim,

What you want in your sshd_config is

    PermitRootLogin no

You'll still be able to log in on the VM console.

In your /etc/sudoers:

    # joe may run su only with exactly these arguments
    Cmnd_Alias SUSAM = /bin/su - sam , /bin/su sam
    joe ALL=SUSAM

Then joe types "sudo su - sam".

Marcy

-----Original Message-----
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of James Melin
Sent: Thursday, December 07, 2006 2:02 PM
To: [email protected]
Subject: [LINUX-390] Root, SSH and Console login

Hello List!

I've been wondering how one might prevent SSH logon to root, and still have the ability to log on at the console logon presented to the VM guest ID. We've implemented sudo quite effectively, but we're not sure how to lock down direct SSH root logon and if it would actually have any impact against console logon, which we would want to keep in case of epic disaster.

Also, is there a way to allow user 'joe' to su to user 'sam' but NOT allow him to su to root, thus bypassing sudo? So far all I've come up with on restricting su is an all or only root approach.

Any insight appreciated. Thanks!

-J

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
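A check for the sshd_config setting discussed in this thread, as an added example that is not part of either message: it reads the global PermitRootLogin value from a config file the way sshd resolves it. The function names are hypothetical and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): read the global PermitRootLogin value
# from an sshd_config-style file. Function names are hypothetical.

# Print the value sshd would take from the global section, or "unset".
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" keyword apply conditionally.
permit_root_login() {
    awk '
        { sub(/^[ \t]+/, "") }               # drop leading whitespace
        /^#/ || /^$/ { next }                # skip comments and blank lines
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)  # accept the "Keyword=value" form
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1])
            if (key == "match") exit         # global section ends here
            if (key == "permitrootlogin" && n >= 2) {
                print f[2]; found = 1; exit
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeed only when direct root SSH logon is explicitly refused.
# Strict on purpose: sshd_config(5) documents arguments as case-sensitive,
# and "unset" falls back to a default that differs between OpenSSH versions.
root_ssh_disabled() {
    [ "$(permit_root_login "$1")" = "no" ]
}

# Constructed sample: the later "yes" is ignored because the first value wins.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' 'permitrootlogin no' \
    'PermitRootLogin yes' > "$sample"
permit_root_login "$sample"
root_ssh_disabled "$sample" && echo "root SSH logon refused"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration, including the default in use when the keyword is unset.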
