Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: remote ssh for root

from [Darren Tucker] Network Security [Permanent Link]
Subject: Re: remote ssh for root
Date: Sat, 07 May 2005 15:43:39 +1000
daniel.engelsen@caremark.com wrote: 
I would like to setup a trusted host that utilizes ssh; however, I do not
want root to be loginable.  If I set PermitRootLogin to no, then the remote
ssh function stops as well.  Does anyone know of a way to be able to do
remote ssh's as root without allowing root to be able to login?

You can disable other root login methods (telnet, rsh) while still allowing ssh by setting root's rloing attribute to false (ie PermitRootLogin overrides root's rlogin attribute). This will work on OpenSSH 3.8x, not sure about 3.6x.

If you're using public-key authentication you can put restrictions on the key (eg "no-pty" or "command="), see the sshd man page.

There's not much point in trying to deny an interactive logins if you permit arbitary commands (consider the difference between "ssh remotehost" and "ssh remotehost /bin/sh -i" or "ssh -t remotehost /bin/sh -i").

I am using AIX versions 5.1, 5.2, and 5.3, and we are running ssh versions
3.6 and 3.8.


--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Binding ssh to a loopback address, Darren Tucker
Next by Date:  Re: Binding ssh to a loopback address, Chen Peng Lim
Previous by Thread:  remote ssh for root, daniel . engelsen
Next by Thread:  RE: remote ssh for root, Don Gray
Indexes:  [Date] [Thread] [Top] [All Lists]