Find the answer to your Linux question:
Results 1 to 2 of 2
I know I can use PAM and the access.conf file to restrict root SSH logins from specific IP addresses, so I want to do that but I also want ROOT ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. 05-10-2008 #1
    BrianCarpio
    BrianCarpio is offline
    Just Joined!
    Join Date
    Jan 2008
    Posts
    5

    Pam + Ssh Keys

    I know I can use PAM and the access.conf file to restrict root SSH logins from specific IP addresses, so I want to do that but I also want ROOT to only be able to login VIA ssh using a trusted ssh_key (authorized_keys) and not a password, the only way to SSH log onto the box using the ROOT password should be via the console or via su - . This should only be for the ROOT user and not for other users.
    Reply With Quote Reply With Quote
  2. 05-18-2008 #2
    anomie
    anomie is offline
    Linux Guru anomie's Avatar
    Join Date
    Mar 2005
    Location
    Texas
    Posts
    1,692
    Quote Originally Posted by BrianCarpio
    I also want ROOT to only be able to login VIA ssh using a trusted ssh_key (authorized_keys) and not a password
    In /etc/ssh/sshd_config:
    Code:
    PermitRootLogin without-password
    See sshd_config(5) manpages for details.

    Quote Originally Posted by BrianCarpio
    the only way to SSH log onto the box using the ROOT password should be via the console or via su - . This should only be for the ROOT user and not for other users.
    Edit /etc/securetty and remove everything except the line that says "console". (IIRC, in this context, console refers to single-user mode console -- you'll want to test that.)
    FreeBSD Handbook & FAQ // CentOS wiki
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules