Jump to content

Best way to clone my headless server

ichase

By ichase
in Bruno's All Things Linux

 Share

Recommended Posts

ichase

ichase

Posted
  • Author
Posted

Hope your port for SSH is a non-standard SSH port and that you have disabled enable root in the config as well.

Most definitely Fran, I have a random port, not the typical Port 22 ;)

  • Like 1
Link to comment
Share on other sites
ichase

ichase

Posted
  • Author
Posted

And disabled root to login in I assume as well if you knew to do that. ;)

Honestly, I will need to check that :) Thanks as always for the great advice/guidance/education :)

  • Like 1
Link to comment
Share on other sites
Guest LilBambi

Guest LilBambi

Posted
Posted

Excellent. You are very welcome! It's very important which is why I stressed it. ;)

 

You can still su, or sudo if that's how you do it, but it should be set up to disallow root from logging in.

Link to comment
Share on other sites
ichase

ichase

Posted
  • Author
Posted

Oh, I don't log into the server or the desktop upstairs as root. I just su to root once connected to do updates or anything else requiring root privalages :)

Link to comment
Share on other sites
ichase

ichase

Posted
  • Author
Posted (edited)

Fran, I don't think I am on the same page of music here. :blush2: what config file are you refering too? I use secure shell to login to the server and the desktop upstairs from my laptop downstairs. When I login, I log in as ichase (non-root user) once I am connected to either the server or the desktop upstairs, I su to root at the command line to perforrm any root required functions. I then will just type "exit" to go back to ichase. Is that not a safe way to do it?

 

I did log into my desktop upstairs last night then once logged in, logged into the server as non-root. I apologize, I just don't think I am following what I think I am following. :lol:

Edited by ichase
Link to comment
Share on other sites
amenditman

amenditman

Posted
Posted

On the server, you need to disble the login as root possibility. Then you can only login as the user account. Once logged in you can use su or sudo to accomplish tasks.

 

First, protect the bootloader, password protect it and disallow runlevel one, single user mode.

 

Then I would take a look at this CentOS documentation for securing a server.

I think one of the first two options listed will accomplish what you need.

Link to comment
Share on other sites
ichase

ichase

Posted
  • Author
Posted

On the server, you need to disble the login as root possibility. Then you can only login as the user account. Once logged in you can use su or sudo to accomplish tasks.

 

First, protect the bootloader, password protect it and disallow runlevel one, single user mode.

 

Then I would take a look at this CentOS documentation for securing a server.

I think one of the first two options listed will accomplish what you need.

Thanks for the guidance Amenditman - Now what config file do I need to do this with. My smb.conf?

Thanks for posting the link, I will be checking it out. :thumbsup:

Link to comment
Share on other sites
securitybreach

securitybreach

Posted
Posted

Thanks for the guidance Amenditman - Now what config file do I need to do this with. My smb.conf?

Thanks for posting the link, I will be checking it out. :thumbsup:

 

No, disabling root login is enabled on /etc/ssh/sshd_config.

Link to comment
Share on other sites
ichase

ichase

Posted
  • Author
Posted (edited)

Josh, yeah I saw that once I actually read the documentation in Amenditman's link. Wow, that is easy enough. So from what I am gathering is, by editing the /etc/ssh/sshd_config file and setting the PermitRootLogin parameter to no, if I try to perform as root

ichase # ssh -p port ichase_at_ipaddy

It won't allow access but by doing the same as above as the non-root user (ichase) it will, then just "su" to root when I need to perform root level actions?

 

I believe that is a light bulb I am seeing and not a frieght train light. :thumbsup:

Edited by ichase
Link to comment
Share on other sites
ichase

ichase

Posted
  • Author
Posted

Ahhhhh, now it is all making sense. Simply put, this will prevent anyone from "breaking" into the server and being able to run as root.

 

This has been a very imformative thread and hope others reading it have gotten as much out of it as I have. :thumbsup:

  • Like 1
Link to comment
Share on other sites
securitybreach

securitybreach

Posted
Posted

Ahhhhh, now it is all making sense. Simply put, this will prevent anyone from "breaking" into the server and being able to run as root.

 

This has been a very imformative thread and hope others reading it have gotten as much out of it as I have. :thumbsup:

 

Good deal :thumbup:

Link to comment
Share on other sites
ichase

ichase

Posted
  • Author
Posted

Josh,

Just wanted to mention, followed the wiki in regards to X11 forwarding. Worked like a champ. As mentioned, I really don't have any gui applications on the desktop that I don't have on the laptop but that is a pretty darn cool tool. :thumbup: Thanks for the tip. ;)

  • Like 1
Link to comment
Share on other sites
securitybreach

securitybreach

Posted
Posted

Josh,

Just wanted to mention, followed the wiki in regards to X11 forwarding. Worked like a champ. As mentioned, I really don't have any gui applications on the desktop that I don't have on the laptop but that is a pretty darn cool tool. :thumbup: Thanks for the tip. ;)

 

No problem, anytime B)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...