AIX

  • 1.  Disable SSH Root access & Public key import

    Posted Mon June 08, 2009 03:45 AM

    Originally posted by: SystemAdmin


    Hi all,

    I am pretty new to AIX and want to achieve the following.
    First of all, I have to disable SSH access for the root user.

    So, I've changed the configuration of the ssh_config file (/etc/ssh/ssh_config) as below.
    And I've put a public key under the .ssh/ directory and named it authorized_keys.

    # Host *
    # ForwardAgent no
    # ForwardX11 no
    # RhostsRSAAuthentication no
    #RSAAuthentication yes
    PermitRootLogin without-password
    StrictModes no
    #PasswordAuthentication no
    # HostbasedAuthentication no
    # BatchMode no
    # CheckHostIP yes
    # AddressFamily any
    # ConnectTimeout 0
    # StrictHostKeyChecking ask
    IdentityFile ~/.ssh/authorized_keys
    # IdentityFile ~/.ssh/id_rsa
    # IdentityFile ~/.ssh/id_dsa
    # Port 22
    # Protocol 2,1
    # Cipher 3des
    # Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
    # EscapeChar ~

    I've restarted the sshd daemon as below.
    stopsrc -g ssh
    startsrc -g ssh

    Actually, there seems to be no problem with private key access; I can do it at the moment. However, I still have access with the root user using SSH.
    How can I prevent this and keep logging into systems using a private key as the root user?

    Regards,
    Onur


  • 2.  Re: Disable SSH Root access & Public key import

    Posted Mon June 08, 2009 05:44 AM

    Originally posted by: tony.evans


    You seem to be trying to do two things.

    Do you want to totally disable SSH access as root? Or do you want to only allow SSH access as root when using keys (i.e. disable SSH access as root with password entry)?


  • 3.  Re: Disable SSH Root access & Public key import

    Posted Mon June 08, 2009 06:15 AM

    Originally posted by: SystemAdmin


    I want to disable direct access by root. But from some machines I should be able to access the systems as root using private keys, not passwords.

    Thank you.


  • 4.  Re: Disable SSH Root access & Public key import

    Posted Tue June 09, 2009 04:01 PM

    Originally posted by: SystemAdmin


    Are you adding the PermitRootLogin without-password to /etc/ssh/ssh_config or sshd_config? It should be sshd_config.


  • 5.  Re: Disable SSH Root access & Public key import

    Posted Wed June 10, 2009 12:43 AM

    Originally posted by: j.gann


    Take a look at the "Match" configuration directive in OpenSSH's sshd_config to select different options depending on where the SSH connection originated from.

    Hope this helps
    Joachim
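
    Added example, not part of any reply in this thread: a server-side sshd_config fragment that combines the two suggestions above (set PermitRootLogin in sshd_config, and use Match to vary it by source address). The two addresses are placeholders from the documentation range, and the fragment assumes the installed OpenSSH supports Match and accepts PermitRootLogin inside a Match block.

```sshd_config
# /etc/ssh/sshd_config (read by the sshd server; ssh_config only configures the ssh client)

# Default for every source address: root cannot log in over SSH at all.
PermitRootLogin no

# Keep sshd's ownership and permission checks on ~/.ssh and authorized_keys
# (yes is the OpenSSH default).
StrictModes yes

# Public keys accepted for an account are read from this file in its home directory.
AuthorizedKeysFile .ssh/authorized_keys

# Match blocks go last: each one applies until the next Match line or end of file.
# 192.0.2.10 and 192.0.2.11 are placeholder admin hosts, not values from the thread.
# Assumption: this OpenSSH build allows PermitRootLogin inside Match.
Match Address 192.0.2.10,192.0.2.11
    # From these hosts root may log in, but only with a key, never a password.
    PermitRootLogin without-password
```

    Run `sshd -t` to check the file for syntax errors before restarting the daemon with the stopsrc/startsrc commands from the first post.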


  • 6.  Re: Disable SSH Root access & Public key import

    Posted Fri June 12, 2009 11:19 PM

    Originally posted by: SystemAdmin


    Add
    DenyUsers=root
    in the sshd_config file and refresh sshd; this will not allow root to log in directly.