ssh allowing root login with no password

m.roth at 5-cent.us m.roth at 5-cent.us
Tue May 10 13:36:39 UTC 2011


Steven Buehler wrote:
> On 05/09/11 15:18, Steven Buehler wrote:
>> I am trying to setup our servers to only allow logins with a
>> public/private key pair.  2 of our machines have to have root login
>> access with ssh and the rest, we will login as another account and su
>> to root.  I just started with this company and on their boxes which
>> range from version 5.1 to 5.5, if I open up the firewall to allow ssh
>> access from anywhere, I can ssh to root without a password.  The only
>> uncommented lines in the /etc/ssh/sshd_config are the following:
>>
>>   [snip]
>>
>> I'm hoping that someone can lead me in the right direction as I can't
>> figure this one out.  If this was only one machine, I would assume
>
> Change / uncomment PermitRootLogin with a value of without-password
>
> I changed the line to read
> PermitRootLogin without-password
>
> It still allows a root login without a password or key.
>

> Protocol 2
> SyslogFacility AUTHPRIV
> PermitRootLogin without-password
> StrictModes yes
> PubkeyAuthentication yes
> PermitEmptyPasswords no
> PasswordAuthentication no
> ChallengeResponseAuthentication no
> GSSAPIAuthentication yes
> GSSAPICleanupCredentials yes
> UsePAM no

Also change that to
UsePAM yes

          mark




More information about the redhat-list mailing list