SSH for root only


john3883
19th September 2004, 05:56 AM
I have my server set up with ssh and I have multiple users that use my server. I still want to be able to use SSH but I don't want other users to be able to use it. So I want the root to be the only one that can use it or at least be able to chroot the users to their home directory like you can do with vsftp. Does anyone know how to do this?

ewdi
19th September 2004, 06:00 AM
I think the best way is NOT to allow root direct login and allow only one account into the wheel to issue SU command, that is what I did

kosmosik
19th September 2004, 01:24 PM
I think the best way is NOT to allow root direct login and allow only one account into the wheel to issue SU command, that is what I did

If you use keys instead of passwords, root access is OK. You need it anyway to administer the machine...

As for limiting access to shell/ssh and so on: you can change the user's shell to something like /bin/false or /bin/nologin - or change ssh server settings (you need to RTFM - AllowGroup AllowUsers directives). You can also mess with PAM.

john3883
19th September 2004, 08:51 PM
If I change the shell that the user uses will they still be able to use ftp and be able to send and receive mail? If so, then which shell would be best to change it to?

john3883
20th September 2004, 08:17 AM
I just don't want to change it if it is going to mess other stuff up.

jeru
20th September 2004, 09:08 AM
I wouldn't allow root to use ssh. There are a number of worms out there trying to hack root through ssh.

What you could do is add something like this to /etc/ssh/sshd_config
AllowUsers yourusername

And that would only let you log into it via ssh. Then you could 'su' to root and su anywhere you want from there.
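
The AllowUsers approach from the post above, checked offline (an added example, not part of the original thread): the hypothetical helper `ssh_login_allowed` reads a constructed sample config and reports whether a user would be admitted. It assumes exact user names and ignores Match blocks, wildcard patterns and the group/deny directives.

```shell
#!/bin/sh
# Added example: evaluate AllowUsers and PermitRootLogin for one user.
# Assumptions: exact user names only, whitespace-separated arguments,
# no Match blocks, no DenyUsers/AllowGroups/DenyGroups handling.

# ssh_login_allowed USER CONFIG_FILE -> prints "allowed..." or "denied: reason"
ssh_login_allowed() {
    awk -v user="$1" '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            key = tolower($1)                # sshd keywords are case-insensitive
            if (key == "allowusers") {       # every AllowUsers line adds to the list
                have_allow = 1
                for (i = 2; i <= NF; i++) if ($i == user) listed = 1
            } else if (key == "permitrootlogin" && !seen_root) {
                seen_root = 1                # first occurrence of a keyword wins
                root_mode = tolower($2)
            }
        }
        END {
            if (have_allow && !listed) { print "denied: not in AllowUsers"; exit }
            if (user == "root" && root_mode == "no") {
                print "denied: PermitRootLogin no"; exit
            }
            if (user == "root" && (root_mode == "without-password" ||
                                   root_mode == "prohibit-password")) {
                print "allowed: keys only"; exit
            }
            print "allowed"
        }
    ' "$2"
}

# Constructed sample config (not taken from the thread's server).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# only one account may log in; root logs in via su afterwards
PermitRootLogin no
AllowUsers yourusername
EOF

for u in yourusername root otheruser; do
    printf '%s: %s\n' "$u" "$(ssh_login_allowed "$u" "$sample")"
done
```

On a live host, run `sshd -t` to check the edited file for errors before restarting the daemon, and keep an existing session open until a new login succeeds.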

john3883
20th September 2004, 09:24 PM
Thanks, this helped a lot. I was able to make it so only I could use ssh and also fix a security risk with the root thing.

ghenry
21st September 2004, 04:36 PM
You could even only let them have scp access. See:

http://www.linux-magazine.com/issue/45/SCPonly_Review.pdf