ssh allowing root login with no password
Sites, Brad
BSites at mem-ins.com
Mon May 9 19:32:17 UTC 2011
-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com] On Behalf Of Steven Buehler
Sent: Monday, May 09, 2011 2:19 PM
To: redhat-list at redhat.com
Subject: ssh allowing root login with no password
I am trying to set up our servers to only allow logins with a public/private key pair. 2 of our machines have to have root login access with ssh and the rest, we will log in as another account and su to root. I just started with this company and on their boxes which range from version 5.1 to 5.5, if I open up the firewall to allow ssh access from anywhere, I can ssh to root without a password. The only uncommented lines in the /etc/ssh/sshd_config are the following:
Protocol 2
SyslogFacility AUTHPRIV
PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM no
PubkeyAuthentication yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
GatewayPorts yes
X11Forwarding yes
Subsystem sftp /usr/libexec/openssh/sftp-server
I'm hoping that someone can lead me in the right direction as I can't figure this one out. If this was only one machine, I would assume that it might have been hacked, but this is all of their servers and VMs that will allow me to ssh to them without a login/password and get into root. Luckily, they have always had their (supposedly anyway) iptables set to only allow access from specific IPs.
Thanks
Steve
[[Brad Sites]] I would look in /root/.ssh. I bet they have an authorized_keys file there along with known_hosts. That is where I would start looking.
-Brad
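An audit script for the situation in this thread, added here and not posted by either participant: it reads an sshd_config the way sshd does (first match for a keyword wins, absent PermitRootLogin falls back to the compiled default, which was "yes" on OpenSSH of the RHEL 5 era), lists the keys in root's authorized_keys, and reports whether the two together give a password-less root login. The sample config and key file it writes are constructed for the demo (the key material is fake), and the function names are the script's own.

```shell
#!/bin/sh
# Added audit helper (not from the thread). Assumes OpenSSH semantics: first
# match for a keyword wins; absent PermitRootLogin = compiled default (yes here).

# Effective value of keyword $2 in sshd_config $1, or default $3 when absent.
sshd_effective() {
    v=$(awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1")
    printf '%s\n' "${v:-$3}"
}

# One line per key in authorized_keys $1: type, comment, and whether the
# entry carries restricting options (from=, command=, ...) before the key.
list_authorized_keys() {
    awk '/^[[:space:]]*#/ || NF == 0 { next }
         { for (i = 1; i <= NF; i++) if ($i ~ /^(ssh-|ecdsa-)/) break
           if (i > NF) next
           c = (i + 2 <= NF) ? $(i + 2) : "(no comment)"
           print $i, c, "options=" (i > 1 ? "restricted" : "none") }' "$1"
}

# Exit 0 when sshd_config $1 plus root key file $2 permit a password-less
# root login: root login not set to no, pubkey auth on, a key installed.
root_pubkey_login_possible() {
    [ "$(sshd_effective "$1" PermitRootLogin yes)" != no ] &&
    [ "$(sshd_effective "$1" PubkeyAuthentication yes)" = yes ] &&
    [ -r "$2" ] && list_authorized_keys "$2" | grep -q .
}

# Constructed samples in dir $1: the thread's config (no PermitRootLogin
# line) and a root authorized_keys holding two fake keys.
write_samples() {
    printf '%s\n' 'Protocol 2' 'PasswordAuthentication no' 'UsePAM no' \
        'ChallengeResponseAuthentication no' 'PubkeyAuthentication yes' > "$1/sshd_config"
    printf '%s\n' '# constructed, not real keys' \
        'ssh-rsa AAAAEXAMPLEKEYONE= admin@oldvendor' \
        'from="10.0.0.5",command="/usr/bin/rsync --server" ssh-rsa AAAAEXAMPLEKEYTWO= backup' \
        > "$1/authorized_keys"
}

report() {  # $1=sshd_config $2=authorized_keys
    echo "PermitRootLogin (effective): $(sshd_effective "$1" PermitRootLogin yes)"
    echo "keys in $2:"; list_authorized_keys "$2"
    if root_pubkey_login_possible "$1" "$2"
    then echo "RESULT: key-based root login without a password is possible"
    else echo "RESULT: no key-based root login path found"; fi
}

# Usage: sh audit.sh [sshd_config authorized_keys]; no args audits the samples.
if [ "$#" -eq 0 ]; then S=$(mktemp -d) && write_samples "$S" && set -- "$S/sshd_config" "$S/authorized_keys"; fi
report "$1" "$2"
```

On a real host, run it as `sh audit.sh /etc/ssh/sshd_config /root/.ssh/authorized_keys`; any key reported with `options=none` lets its holder in as root with no further restriction.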