permission problems w/ ordinary user ....

William A. Mahaffey III wam at hiwaay.net
Sun Aug 3 12:59:25 UTC 2014 

On 08/03/14 04:23, Mike Clarke wrote:
> On Saturday 02 August 2014 18:59:09 William A. Mahaffey III wrote:
>> On 08/02/14 18:45, Roland Smith wrote:
>>> On Sat, Aug 02, 2014 at 06:28:47PM -0500, William A. Mahaffey III
> wrote:
>
> [snip]
>
>>>> I can ssh in as root no sweat
>>> Yikes. That is usually the first thing I'd disable!
>>>
>>>
>>> Roland
>> I do that (easy root login) on purpose, my LAN is not internet
>> exposed (except when I'm browsing)
> You can make things a bit more secure by requiring ssh keys instead of
> a password for remote access.
>
> Use ssh-keygen to generate your keys then append your ~/ssh/id_rsa.pub
> to /root/.ssh/authorized_keys on the machine where you need root
> access.
>
> Then make these changes to /etc/ssh/sshd_config on the remote machine
> and restart sshd.
>
> --- /usr/src/crypto/openssh/sshd_config 2013-01-12 13:21:39.235909173
> +0000
> +++ /etc/ssh/sshd_config        2013-01-12 13:20:23.078909059 +0000
> @@ -45,4 +45,5 @@
>   #LoginGraceTime 2m
>   #PermitRootLogin no
> +PermitRootLogin without-password
>   #StrictModes yes
>   #MaxAuthTries 6
> @@ -64,5 +65,5 @@
>   
>   # Change to yes to enable built-in password authentication.
> -#PasswordAuthentication no
> +PasswordAuthentication no
>   #PermitEmptyPasswords no
>
> NB. If you don't have physical access to the remote machine then be
> very careful not to make any mistakes which could lock you out of it.
> In particular make sure you have set up your keys and edited
> /root/.ssh/authorized_keys correctly before reconfiguring sshd. To be
> on the safe side confirm that you can make a successful remote login
> from another terminal window before closing your current remote
> session.


This (keyed access) is how I have every machine on my network setup, 
just haven't gotten there yet w/ this (very new) box. *High* on my TODO 
list ....

-- 

	William A. Mahaffey III

  ----------------------------------------------------------------------

	"The M1 Garand is without doubt the finest implement of war
	 ever devised by man."
                            -- Gen. George S. Patton Jr.

More information about the freebsd-questions mailing list