SSH Keys & Direct Root Login Disabled

Jul 3, 2008

Currently I have a server that has direct root SSH access disabled (have to login as regular user then su to root), but I am currently working on setting up authentication via SSH keys, but I can't seem to get it working with direct root SSH access disabled? Is this normal, and if so is there anyway to work around it?

Basically I'd like to be able to authenticate both ways; both with SSH keys or by logging in as a regular user and su to root.

View 8 Replies


ADVERTISEMENT

Disabled Direct Root Login

Oct 24, 2009

im able to login to root via SU perfectly

One problem: All my old files and folders are owned by ROOT so that means my SU account named XXX cant edit/add/delete anything from my SFTP because of folder/file permission.

Is there anyway my SUDO(wheel) account can still edit these files own by ROOT?

View 3 Replies View Related

Disabling Direct Root Login

Apr 16, 2008

login as: hen
hen@xx.xx.xx.xx's password:
Last login:
hen@root [~]# su -
Password:
su: incorrect password

I verified that root password is correct, but no matter how many times I tried, I can't su in

Where's my su permission
-rwxr-xr-x 1 root wheel 24060 Mar 22 2007 /bin/su*

here's inside /etc/group
wheel:x:10:root,hen

View 14 Replies View Related

Disable Direct Root Login

May 16, 2007

I tried to disable direct root login but had to struggle to find step-by-step instructions and have written the steps one needs to follow to disable direct root login.


This is an additional security measure where we prevent direct root logins and instead create a user to login and then use a command ‘su –‘ to gain root privileges.

The only risk in this procedure is that you may prevent root login but forget to add the user to the wheel group - effectively locking yourself out of the system.

Follow the steps below and you will not face a problem.

STEP 1: Let us create a user and add it to the wheel group.

For e.g. we want to create a user neonix and give him root privileges.

SSH into your server as root and follow the below commands to create a user.

groupadd neonix

useradd neonix –gneonix

passwd neonix

enteryouruserpasswordhere

verifyyouruserpasswordhere

// Please note -g in the second line

// You can replace neonix with any username of your choice.

STEP 2: Add user to wheel group.

Use your browser to Login to your WHM panel and click on Manage Wheel Group Users.

You will see the user you just added (neonix). Select the user and click ‘Add to group’.

You will see that the user has been added –
Users Currently in the wheel group root,neonix

You have successfully added a user to the 'wheel' group who will be able to 'su -' to root.

LOGOUT OF SSH

Before we disable root login, let us check if the user can login and su – to gain root privileges.

SSH into your server as 'neonix'
Login as: neonix
Password : enteryouruserpasswordhere
su –
password: enter root password here

You have successfully logged in and have root privileges. Now let us disable root login.

STEP 3: Disable Direct Root Login

(The below steps are from webhostgear.com)

1. Copy and paste this line to edit the file for SSH logins
pico -w /etc/ssh/sshd_config

2. Find the line
Protocol 2, 1

3. Uncomment it (Remove #) and change it to look like
Protocol 2

4. Next, find the line
PermitRootLogin yes

5. Uncomment it (Remove #) and make it look like PermitRootLogin no

6. Save the file Ctrl+X then Y then enter

7. Now you can restart SSH
/etc/rc.d/init.d/sshd restart

Now, no one will be able to login to root with out first logging in as 'neonix' and 'su -' to root, and you will be forcing the use of a more secure protocol.

Just make sure you remember both passwords!

View 14 Replies View Related

Disabling SSH Root Access But Enabling SSH Keys How To Do That

Apr 3, 2009

in order to secure my server against instrusion, i disabled ssh root login and created a user for myself. however in order to access the user i need to enable SSH Password authentication

I dont enable password authentication all the time and i keep it disabled unless i need to do something via ssh.

Now my question will be, is there a way to keep the user i created and keep the root login disabled and password authentication disabled but use ssh keys for the user i created?

I was informed that if i opt to login to ssh via the user i created, the only way to do that is to enable password authentication as it cannot work with ssh keys. is this true?

I really hope someone can help me how to use the user i created together with ssh keys so i dont have to enable password authentication when loggin to ssh

View 7 Replies View Related

Is There A Way To Block Direct Cpanel Login

Jan 24, 2007

I use a login script on my hosting site. and i was wondering if there was any way or any program that would allow me to Block people from going mydomain.com then cpanel?

And forcing them to go to my site to use the cpanel login script on my website?

Im sure that if there was a way to disable Cpanel login it would aslo block the scipt on my site.

Is there a solution to my little perdicament here?

Any software or scripts that do what im looking for?

View 9 Replies View Related

Which Is More Secure , Using Public Key Or Direct Login

Aug 15, 2007

I was worry about which is more seucre to login to the server

disabling the direct login and using the public key (ssh-dss) with 2084 bit length ?

or use the direct login?

and if the public key is more secure , should we use passphrase when generating the key? or no?

View 11 Replies View Related

Direct Admin : Root Ownership

May 15, 2007

I'm Running (just) Direct Admin On a Centos 4.3

Due to a typo at the comand line as Root, ive manages to change the owner ship of unknown mounts of files.

The command that was processed (Before it was complete)

chown -R reseller:reseller /

I managed to stop the process ctr+c
and these were the last files to see fly past.
The last one in the list is where it stopped at.

Code:
chown: changing ownership of `/proc/11566/task/11566': Operation not permitted
chown: changing ownership of `/proc/11566/task/11566/fd/0': No such device or address
chown: changing ownership of `/proc/11566/fd/0': No such device or address
chown: changing ownership of `/proc/11572': Operation not permitted
chown: changing ownership of `/proc/11572/task/11572': Operation not permitted
chown: changing ownership of `/proc/11572/task/11572/fd/4': No such file or directory
chown: changing ownership of `/proc/11572/task/11572/cwd': Operation not permitted
chown: changing ownership of `/proc/11572/fd/4': No such file or directory
chown: changing ownership of `/proc/11572/cwd': Operation not permitted
chown: changing ownership of `/etc/X11/X': No such file or directory
chown: changing ownership of `/dev/core': Operation not permitted
chown: changing ownership of `/usr/local/include/libpng/libpng12':

Too many levels of symbolic links

At the moment the server is still running and it seems only to be log in issues with Direct admin. All user / reseller / Admin accounts can no longer log in.

Error after logging in : Unable to determine Usertype user.conf needs to be repaired
No images or nothing

View 4 Replies View Related

Can Not Login Root From SSH, LT- To Do KVM Over IP

Dec 11, 2008

can not login root from SSH, LT suggest me to do KVM over IP

View 4 Replies View Related

CPanel Root Login

May 28, 2009

Is it possible to disable direct root login on Cpanel servers?

if yes, please how.

If not, what would be the best to do to secure 'root' account.

View 14 Replies View Related

How Do I Disable Root Login For WHM

Oct 18, 2009

Meaning you can't use the user root to login to WHM.

Is that possible?

View 14 Replies View Related

Accessing A Red Hat Box Without The Root Login

Jan 23, 2008

We have an internal server running Red Hat 8 or 9 that was taken offline at least 18 months ago. The guy who set up the box is long gone. Unfortunately with him went the root password. It wasn't a big deal until we realized there is some code we do want to get off of that box now that may be useful in a future project. In particular the database structure for one project. Is there any way to get access to this data or is it just lost?

View 3 Replies View Related

E-mail Alert On Root SSH Login

Jun 3, 2009

Want to be notified instantly when someone logs into my server as root With date time & local IP address

View 12 Replies View Related

Can Not Login To Decated Server By Root User

Aug 1, 2007

i can not login to my decated server by using root. the password is not correct.. becasue i did something wrong with my server. i used chmod 777 -R /public_hmtl and chown to modify my server. and i can not login anymore, LT asked me to reload my server, do i need to reload it?

View 6 Replies View Related

How To Automatically Send Email When Someone Login Server Via ROOT

Jun 8, 2009

I want to have an email alert everytime someone login into my server using ROOT user.

The server is based on Linux system.

View 10 Replies View Related

Plesk 11.x / Linux :: Root Login To Backup All Database

Mar 12, 2015

Any way to backup every SQL Databases at once ?

At the moment i need to configure each subscription on my backup program to backup each sql database.

there is any way to set a login that back's up all the databases?

And for the ftp files?

View 1 Replies View Related

Plesk 12.x / Linux :: Difference Between Login - Root And Admin?

Apr 3, 2015

During the installation of Plesk, at first it used the root password, and then had me create an "admin" user.

When I log in using either I don't see any difference in the UI or options. Is there a difference or a reason to use one over the other?

Or is it just to give someone access to admin Plesk without giving them full root password of the server itself?

View 3 Replies View Related

Are Chained Root Ssl Certificates More Secure Than Single Root?

Nov 25, 2008

I have read that although chained root ssl certificates can be more difficult to install they are actually more secure since the root certificate cannot be compromised, only the intermediary.

Is this true? It looks like both google and amazon both use chained SGC certs.

View 0 Replies View Related

SSH Keys

May 13, 2009

I am trying to create an ssh key pair to allow rsync without passwrods between two debian boxes.

I have Main server which I want to push data to Backup server

I have followed the tutorial at [url]but this does not work when I ssh or rsync eaither from main server to backup server or ther other way it still requires password.

View 2 Replies View Related

Ssh Keys And Whm

Jul 4, 2008

I have a problem w whm/cpanel and my server.

Im starting to use private/pub keys for ssh access, so far i can access the server via ssh w the key (ive disabled pass access in sshd_conf) but when i want to copy accounts from this server (the one w ssh key) trough the whm interface to another who hasnt key it doesnt work... am i missing something?

View 3 Replies View Related

Ssh Keys !

Feb 7, 2007

i have my own centos server . i want to let some of my friends to login to my box using ssh keys , so i set an authorized_keys file to have their pubic_keys.

Now , my question is how can i limit the commands they can execute?

i mean let them just only "rsync" their files from their boxes to mine , without any ability to execute any other commands or even loging to my box!

View 4 Replies View Related

SSH Keys

Dec 24, 2007

I'm having a problem with SSH keys (they don't work out of the box correct with cPanel) I bilieve the error is in my sshd_conf, but if someone could assist me with what settings that should be uncommented that would be helpful.

Anyways, just some history of what I did so far:

Generated a passphraseless key within Server(A1). Took the public key (not the private, left the privat on the server itself) and transferred it to a file authorized_keys on Server(B2).

Chmod that file to 600. Then ran the following command:

ssh -v -i /root/.ssh/authorized_keys -p 1234 root@xxx.i.p.xxx

First I still get asked for a passphrase (which is wierd since it's suppose to be passphraseless), then when I just press enter (to signify that there is no passphrase), I get the following error:

Permission denied (publickey,gssapi-with-mic).

View 3 Replies View Related

SSH Keys... Where Is .ssh

Sep 24, 2007

I am currently running Cent OS 5...where do I find the directory or file to add my public key to?

View 9 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved