SSH strong

LolliS (Verified User, joined Oct 11, 2009):
Hello guys. To reinforce the security of the SSH connection I would like to create a Linux user that can only use ssh and the command "su". How can I do that?
 
Scsi, sorry, I wanted to write the "su" command.

The idea: create two levels of authentication. SSH with key and passphrase first, and then "su" with the root password.
 
What scsi meant is that there is no point in creating a user that can only run "su", but I guess that's not what you want to do.
What you want to do is log in via SSH as a normal user, block direct SSH access for root and allow "sudo" access to the normal user. Am I right?

To use "su" you need the root password, and it can't be limited to a set of users; "sudo" asks for the user's own password, permits only a limited set of commands (if configured to do so) and is much more secure. Learn how to configure and use it.
To block SSH access for root, use "PermitRootLogin no" in /etc/ssh/sshd_config, but make sure you can log in as another user first.
The user can be created with DirectAdmin (with the SSH option checked) or, if you just need the system user and nothing else, run 'adduser' or 'useradd'. Remember to add "AllowUsers <username>" at the end of /etc/ssh/sshd_config to permit SSH login.
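
The steps above, written out as an added example (my code, not from the thread and not DirectAdmin's tooling): a POSIX sh script that edits a copy of sshd_config first, and only touches the live system when run as root with --apply. The user name "opsadmin", the sudoers path /etc/sudoers.d/opsadmin and the config path are assumed placeholders. One caveat on where to put the line: sshd uses the first active occurrence of a keyword, and everything after a "Match" line belongs to that block, so the script puts new directives at the top of the file instead of appending them.

```shell
#!/bin/sh
# Added example, not code from the thread or from DirectAdmin: the steps Tillo
# lists, as POSIX sh functions that are tried on a copy of sshd_config first.
# Assumed placeholders: admin user "opsadmin", config /etc/ssh/sshd_config,
# sudoers fragment /etc/sudoers.d/opsadmin.

ADMIN_USER=${ADMIN_USER:-opsadmin}

# set_sshd_directive FILE KEY VALUE
# sshd takes the FIRST active occurrence of a keyword, and anything after a
# "Match" line belongs to that block, so we remove every active line for KEY
# and put "KEY VALUE" at the top. Commented lines such as "#PermitRootLogin yes"
# only document the default; sshd ignores them, so they are left alone.
set_sshd_directive() {
    _file=$1 _key=$2 _value=$3
    _tmp="$_file.$$.tmp"
    {
        printf '%s %s\n' "$_key" "$_value"
        grep -v -i -E "^[[:space:]]*$_key([[:space:]]|=)" "$_file" || true
    } > "$_tmp"
    mv "$_tmp" "$_file"
}

# harden_sshd_config FILE USER: root cannot log in over SSH, only USER can,
# and only with a key (the passphrase protects the key on the client side).
harden_sshd_config() {
    set_sshd_directive "$1" PermitRootLogin no
    set_sshd_directive "$1" PasswordAuthentication no
    set_sshd_directive "$1" AllowUsers "$2"
}

# sudoers_dropin USER: full sudo for USER, authenticated with USER's own
# password. Narrow the command list once the needed commands are known.
sudoers_dropin() {
    printf '%s ALL=(ALL) ALL\n' "$1"
}

# The privileged part. Refuses to lock root out until a key is installed for
# the admin user; test that key login from a second terminal before running.
apply_to_system() {
    id "$ADMIN_USER" >/dev/null 2>&1 || useradd -m "$ADMIN_USER"
    _home=$(getent passwd "$ADMIN_USER" | cut -d: -f6)
    install -d -m 700 "$_home/.ssh" && chown "$ADMIN_USER:" "$_home/.ssh"
    if [ ! -s "$_home/.ssh/authorized_keys" ]; then
        echo "add the public key to $_home/.ssh/authorized_keys first" >&2
        return 1
    fi
    sudoers_dropin "$ADMIN_USER" > "/etc/sudoers.d/$ADMIN_USER"
    chmod 440 "/etc/sudoers.d/$ADMIN_USER"
    visudo -cf "/etc/sudoers.d/$ADMIN_USER" || return 1   # a broken sudoers file means no sudo at all
    cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
    harden_sshd_config /etc/ssh/sshd_config "$ADMIN_USER"
    sshd -t || return 1                                   # syntax check before restarting
    echo "config valid: restart sshd while keeping your current session open"
}

# Dry run on a constructed sample that mimics a stock file.
demo() {
    _d=$(mktemp -d)
    cat > "$_d/sshd_config" <<'EOF'
#PermitRootLogin prohibit-password
# PasswordAuthentication yes
PasswordAuthentication yes
Subsystem sftp /usr/lib/openssh/sftp-server
EOF
    harden_sshd_config "$_d/sshd_config" "$ADMIN_USER"
    cat "$_d/sshd_config"
    rm -rf "$_d"
}

case "${1:-}" in
    --apply) [ "$(id -u)" -eq 0 ] || { echo "--apply needs root" >&2; exit 1; }
             apply_to_system ;;
    *)       demo ;;
esac
```

Run it without arguments to see the rewritten sample; the active "PasswordAuthentication yes" line is gone, the commented defaults stay, and the three new directives sit at the top. Keep the session you are working from open when you restart sshd, and log in with the new user from a second terminal before closing it.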
 
Right, Tillo. This is exactly what I wanted to do. In the coming days I'll try to do as you suggested, then return to update the thread. Thank you!

P.S. I'm also thinking of a chrooted user.
 
Why can't I turn off SSH password authentication?

I have the following in /etc/ssh/sshd_config:
PasswordAuthentication no
But sshd still allows password authentication.

I need to turn this off; I use public key authentication and don't need this.
According to my logs there have been a few attempts to randomly guess usernames and passwords. I've already changed the port, but I also want to be able to block all dictionary attacks, even in case they scan all ports.

Dan
 
Have you restarted sshd after modifying the config?

Are you sure that passwords are still accepted? The fact that you can still see password attempts in the logs doesn't mean that sshd accepts them: it always logs anything that goes wrong.

Also, in the original config there is "# PasswordAuthentication yes": when you changed it to "no", did you remove the comment sign and the space at the beginning of the line?
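
An added example (my code, not the poster's) that checks the two things above mechanically, reading sshd_config the way sshd does: comment lines are ignored and the first active line of a keyword wins. It also covers one more way a password prompt survives "PasswordAuthentication no" that the thread does not mention: keyboard-interactive authentication (KbdInteractiveAuthentication, older name ChallengeResponseAuthentication) is a separate method, and with "UsePAM yes" it hands the prompt to PAM, which normally asks for the same account password, so that keyword must be "no" too. The sample configs are constructed; the real file is /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example, not code from the thread or from DirectAdmin. It reads an
# sshd_config the way sshd does (comment lines ignored, first active line of a
# keyword wins) and reports whether password logins are still possible.
# Sample configs below are constructed; the real file is /etc/ssh/sshd_config.

# active_value FILE KEY -> value of the first active line for KEY, lowercased,
# or "unset" when only commented lines such as "# PasswordAuthentication yes"
# are present (sshd then uses its compiled-in default). KEY may be an ERE
# group so that aliases like (Kbd...|ChallengeResponse...) are looked up together.
active_value() {
    _line=$(grep -i -E "^[[:space:]]*$2([[:space:]]+|=)" "$1" | head -n 1)
    if [ -z "$_line" ]; then
        printf 'unset\n'
    else
        printf '%s\n' "$_line" \
            | sed -E 's/^[[:space:]]*[^[:space:]=]+[[:space:]=]+//; s/[[:space:]]+$//' \
            | tr 'A-Z' 'a-z'
    fi
}

# password_logins FILE -> "off", or a comma-separated list of the ways a
# password can still be offered. PasswordAuthentication covers the plain
# "password" method only; keyboard-interactive is a separate method that,
# with UsePAM yes, lets PAM ask for the account password. Both must be "no".
# OpenSSH defaults when a keyword is absent are "yes" for both.
password_logins() {
    _pa=$(active_value "$1" PasswordAuthentication)
    _ki=$(active_value "$1" '(KbdInteractiveAuthentication|ChallengeResponseAuthentication)')
    [ "$_pa" = unset ] && _pa=yes
    [ "$_ki" = unset ] && _ki=yes
    _open=""
    [ "$_pa" = no ] || _open="password"
    [ "$_ki" = no ] || _open="${_open:+$_open,}keyboard-interactive"
    printf '%s\n' "${_open:-off}"
}

demo() {
    _d=$(mktemp -d)
    # Constructed: the edit was made inside the comment, so nothing changed.
    printf '# PasswordAuthentication no\nUsePAM yes\n' > "$_d/a"
    # Constructed: the directive is set, but keyboard-interactive is at its default.
    printf 'PasswordAuthentication no\nUsePAM yes\n' > "$_d/b"
    # Constructed: both paths closed.
    printf 'PasswordAuthentication no\nKbdInteractiveAuthentication no\n' > "$_d/c"
    for _f in a b c; do
        printf '%s: %s\n' "$_f" "$(password_logins "$_d/$_f")"
    done
    rm -rf "$_d"
}
demo

# On the server, after editing: validate, print the parsed config (needs root),
# then restart the daemon, because the running sshd keeps its old settings:
#   sshd -t && sshd -T | grep -i -E 'passwordauthentication|kbdinteractive'
# Then, from another machine, a forced password attempt must be refused:
#   ssh -o PubkeyAuthentication=no -o PreferredAuthentications=password,keyboard-interactive user@host
```

The demo prints "password,keyboard-interactive" for the first sample, "keyboard-interactive" for the second and "off" only for the third. Note that "sshd -T" shows what the file on disk parses to, not what the running process is using, which is why the restart still matters.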
 