sshd config

Andrew medhurst1
Frequent Advisor

sshd config

Guys, how can I restrict root login to 1 server?
I need to enable root login but want to restrict it so that only 1 node can achieve direct root login. I have been searching through SSHD_config but it is not obvious how I can achieve this.
All answers gratefully rewarded.
Regards,
Andrew
4 REPLIES
Michal Kapalka (mikap)
Honored Contributor

Re: sshd config

sachit patil
Regular Advisor

Re: sshd config

You can enable it in the sshd_config file:



# Authentication:

#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes


kobylka
Valued Contributor
Solution

Re: sshd config

Hello Andrew!


To allow root logins from a specified client machine:

PermitRootLogin yes

and change AllowUsers to allow root logins only from the specified client machine:

AllowUsers root@client_machine

The AllowUsers will affect all other users as well: if they are not listed there, they won't be able to connect to sshd (add users separated by spaces). Keep this in mind :)

Also, a quite common headbreaking problem is that sshd tries to reverse lookup the IP of the client; if it doesn't resolve to the specified hostname, you will be denied access.


Kind regards,

Kobylka
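
The two caveats in the answer above (other accounts locked out by AllowUsers, and host-name matches depending on reverse DNS) can be checked before sshd is restarted. The following Python audit is an added example, not part of the original thread; the address 192.0.2.10 and the extra user names are constructed placeholders, and the pattern matching is a simplification that ignores Match blocks and negated patterns.

```python
import fnmatch
import re

# Constructed sample: the address and the extra user names are placeholders.
SAMPLE = """\
# Authentication:
PermitRootLogin yes
AllowUsers root@192.0.2.10 andrew oracle
"""
# IPv4/IPv6 address, CIDR or address wildcard; anything else is a host name.
ADDRESS = re.compile(r"[0-9.*?/]+|[0-9a-fA-F:.*?/]*:[0-9a-fA-F:.*?/]*")

def directives(text):
    """Global directives keyed by lower-cased keyword; stops at the first Match block."""
    found = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if not parts:
            continue
        if parts[0].lower() == "match":
            break
        found.setdefault(parts[0].lower(), []).append(parts[1:])
    return found

def audit(text):
    """Return (host patterns root may log in from, warnings). Negated patterns are not handled."""
    d = directives(text)
    # sshd keeps the first PermitRootLogin it reads; AllowUsers lines accumulate.
    first = d.get("permitrootlogin", [[]])[0]
    if first and first[0].lower() == "no":
        return [], ["PermitRootLogin no: direct root login is disabled from every host"]
    entries = [p for args in d.get("allowusers", []) for p in args]
    if not entries:
        return ["*"], ["no AllowUsers: root is not restricted by source host"]
    root_hosts, warnings = [], []
    for entry in entries:
        user, _, host = entry.partition("@")
        if fnmatch.fnmatchcase("root", user):  # approximates sshd's * and ? wildcards
            root_hosts.append(host or "*")
    if not root_hosts:
        warnings.append("root matches no AllowUsers entry: root cannot log in")
    for host in root_hosts:
        if host == "*":
            warnings.append("root is allowed from any host")
        elif not ADDRESS.fullmatch(host):
            warnings.append(f"root@{host}: match depends on the client's reverse DNS")
    if all(e.partition("@")[0] == "root" for e in entries):
        warnings.append("AllowUsers lists only root: every other account is locked out")
    return root_hosts, warnings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run it against a copy of the edited file and keep an existing session open until a fresh login has been confirmed.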
Jannik
Honored Contributor

Re: sshd config

If you use keys you could restrict the login in the authorized_keys.

from="*.eng.cam.ac.uk,!untrusted.eng.cam.ac.uk"

You still need to set the PermitRootLogin to yes, but you could change the root password to something very difficult. You could disable passwords for root (create a backdoor if it does not work like sudo).

You could use sudo in a combination with ssh-keys and NOPASSWD in the sudoers file.
jaton