
Thread: Block root access to ssh

  1. #1

    Block root access to ssh

    To block root access to ssh, would I edit /etc/ssh/sshd_config and change this line

    Code:
    PermitRootLogin yes
    to

    Code:
    PermitRootLogin no
    or is more required? And are there any downsides to restricting root access to ssh?

    tia
    OpenSuse 15.2, Plasma 5.18.5
    Gigabyte GA-Z87X-UD4H Mobo; 16G Ram
    Intel Core i5-4570 Processor (6M Cache, up to 3.60 GHz)

  2. #2
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    28,669

    Re: Block root access to ssh

    Did you read the man page? It says
    PermitRootLogin
    Specifies whether root can log in using ssh(1). The argument must be yes, prohibit-password, forced-commands-only, or no. The default is yes.

    If this option is set to prohibit-password (or its deprecated alias, without-password ), password and keyboard-interactive authentication are disabled for root.

    If this option is set to forced-commands-only, root login with public key authentication will be allowed, but only if the command option has been specified (which may be useful for taking remote backups even if root login is normally not allowed). All other authentication methods are disabled for root.

    If this option is set to no, root is not allowed to log in.
    What is unclear about it? Especially the last line.
    Henk van Velden

  3. #3
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    4,121

    Re: Block root access to ssh

    Quote (originally posted by susesteve):
    And are there any downsides to restricting root access to ssh?
    Remote maintenance by directly logging into the user “root” will not be possible – SSH networking security topics are here – <https://doc.opensuse.org/documentati.../cha-ssh.html#>.
    • Remote maintenance will still be possible by using SSH sessions to an administrative user.

    Hard-core security is achieved by limiting access to the user “root” to be only from physically sitting at the system's physical console – no physical access to the system's console, no possibility to be “root” …
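On the "or is more required?" part of the question: sshd uses the first value it obtains for a keyword, and a `Match` block can override the global setting, so a single `PermitRootLogin no` line is only effective if nothing earlier or more specific contradicts it. The following check is an added example, not part of the thread; the function names and the sample configuration are constructed for illustration, and it does not follow `Include` files.

```python
import re

# Constructed sample: the second global PermitRootLogin line is ignored because
# sshd keeps the first value it obtains for each keyword.
SAMPLE = """\
# constructed sshd_config for illustration
Port 22
permitrootlogin = no
PermitRootLogin yes
Match Address 192.0.2.10
    PermitRootLogin forced-commands-only
Match User backup
    X11Forwarding no
"""

ALLOWS_ROOT = {"yes", "prohibit-password", "without-password", "forced-commands-only"}

def parse_line(line):
    """Split one sshd_config line into (lowercased keyword, argument string)."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    # Keyword and argument are separated by whitespace or by a single '='.
    m = re.match(r"(\S+?)(?:\s*=\s*|\s+)(.*)$", line)
    return (m.group(1).lower(), m.group(2).strip().strip('"')) if m else None

def root_login_settings(text):
    """Return (global value or None if unset, {match criteria: value})."""
    global_value, overrides, current_match = None, {}, None
    for raw in text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        keyword, arg = parsed
        if keyword == "match":
            current_match = arg  # a Match block runs until the next Match or EOF
        elif keyword == "permitrootlogin":
            value = arg.lower()  # normalised for comparison
            if current_match is None:
                if global_value is None:  # first obtained value wins
                    global_value = value
            else:
                overrides.setdefault(current_match, value)
    return global_value, overrides

def root_can_log_in(text):
    """True if the global setting is not 'no' or any Match block re-enables root."""
    global_value, overrides = root_login_settings(text)
    return global_value != "no" or any(v in ALLOWS_ROOT for v in overrides.values())
```

On a live system, `sshd -T` prints the configuration the daemon actually parsed, and sshd has to be reloaded before an edited `sshd_config` takes effect.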
