Old 05-10-2008   #1 (permalink)
BrianCarpio
Pam + Ssh Keys

I know I can use PAM and the access.conf file to restrict root SSH logins from specific IP addresses, so I want to do that, but I also want ROOT to only be able to log in VIA ssh using a trusted ssh_key (authorized_keys) and not a password. The only way to SSH log onto the box using the ROOT password should be via the console or via su - . This should only be for the ROOT user and not for other users.
Old 05-18-2008   #2 (permalink)
anomie
Quote:
Originally Posted by BrianCarpio
I also want ROOT to only be able to login VIA ssh using a trusted ssh_key (authorized_keys) and not a password
In /etc/ssh/sshd_config:
Code:
PermitRootLogin without-password
See sshd_config(5) manpages for details.

Quote:
Originally Posted by BrianCarpio
the only way to SSH log onto the box using the ROOT password should be via the console or via su - . This should only be for the ROOT user and not for other users.
Edit /etc/securetty and remove everything except the line that says "console". (IIRC, in this context, console refers to single-user mode console -- you'll want to test that.)
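A way to confirm that the PermitRootLogin setting suggested above is the one sshd will actually use, added here as an example and not part of either post. The function name root_login_mode and the sample text are made up for illustration; the check assumes whitespace-separated keyword and value, looks only at the global section (before any Match block), and does not follow Include files.

```shell
#!/bin/sh
# Added example: classify how root may log in over SSH according to the
# global section of an sshd_config file (read from FILE, or stdin if omitted).

# root_login_mode [FILE] -> prints one of:
#   password-allowed | key-only | forced-command-only | denied | unset | invalid:VALUE
root_login_mode() {
    awk '
        # Skip blank lines and comments (so "#PermitRootLogin yes" is ignored).
        NF == 0 || $1 ~ /^#/ { next }
        # Stop at the first Match block: only global settings are examined.
        tolower($1) == "match" { exit }
        # sshd uses the FIRST value it obtains for a keyword, so a later
        # PermitRootLogin line cannot override an earlier one.
        tolower($1) == "permitrootlogin" { val = tolower($2); found = 1; exit }
        END {
            if (!found)                          print "unset"
            else if (val == "yes")               print "password-allowed"
            # prohibit-password is the newer spelling of without-password.
            else if (val == "without-password" || val == "prohibit-password")
                                                 print "key-only"
            else if (val == "forced-commands-only") print "forced-command-only"
            else if (val == "no")                print "denied"
            else                                 print "invalid:" val
        }
    ' "${1:--}"
}

# Constructed sample: the key-only line was appended to a file that already
# enabled root logins higher up, so it has no effect.
SAMPLE_SHADOWED='# constructed sample sshd_config
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin without-password'

printf '%s\n' "$SAMPLE_SHADOWED" | root_login_mode
```

On a live system, running `sshd -T` as root prints the effective configuration after defaults, Include files and ordering are resolved, and is the authoritative check.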