ichase (Author), posted November 27, 2012:

> Hope your port for SSH is a non-standard SSH port and that you have disabled enable root in the config as well.

Most definitely Fran, I have a random port, not the typical Port 22

Guest LilBambi, posted November 27, 2012:

And disabled root to log in I assume as well if you knew to do that.

ichase (Author), posted November 27, 2012:

> And disabled root to log in I assume as well if you knew to do that.

Honestly, I will need to check that. Thanks as always for the great advice/guidance/education

Guest LilBambi, posted November 27, 2012:

Excellent. You are very welcome! It's very important which is why I stressed it. You can still su, or sudo if that's how you do it, but it should be set up to disallow root from logging in.

ichase (Author), posted November 28, 2012:

Oh, I don't log into the server or the desktop upstairs as root. I just su to root once connected to do updates or anything else requiring root privileges

Guest LilBambi, posted November 28, 2012:

Even if you don't do it, you have to physically make the change to the config for security purposes.

ichase (Author), posted November 28, 2012 (edited):

Fran, I don't think I am on the same page of music here. What config file are you referring to? I use secure shell to login to the server and the desktop upstairs from my laptop downstairs. When I login, I log in as ichase (non-root user) once I am connected to either the server or the desktop upstairs, I su to root at the command line to perform any root required functions. I then will just type "exit" to go back to ichase. Is that not a safe way to do it? I did log into my desktop upstairs last night then once logged in, logged into the server as non-root. I apologize, I just don't think I am following what I think I am following.

amenditman, posted November 28, 2012:

On the server, you need to disable the login as root possibility. Then you can only login as the user account. Once logged in you can use su or sudo to accomplish tasks. First, protect the bootloader, password protect it and disallow runlevel one, single user mode. Then I would take a look at this CentOS documentation for securing a server. I think one of the first two options listed will accomplish what you need.

ichase (Author), posted November 28, 2012:

> On the server, you need to disable the login as root possibility. Then you can only login as the user account. Once logged in you can use su or sudo to accomplish tasks. First, protect the bootloader, password protect it and disallow runlevel one, single user mode. Then I would take a look at this CentOS documentation for securing a server. I think one of the first two options listed will accomplish what you need.

Thanks for the guidance Amenditman - Now what config file do I need to do this with? My smb.conf? Thanks for posting the link, I will be checking it out.

securitybreach, posted November 28, 2012:

> Thanks for the guidance Amenditman - Now what config file do I need to do this with? My smb.conf? Thanks for posting the link, I will be checking it out.

No, disabling root login is enabled on /etc/ssh/sshd_config.

ichase (Author), posted November 28, 2012 (edited):

Josh, yeah I saw that once I actually read the documentation in Amenditman's link. Wow, that is easy enough. So from what I am gathering is, by editing the /etc/ssh/sshd_config file and setting the PermitRootLogin parameter to no, if I try to perform as root

    ichase # ssh -p port ichase_at_ipaddy

It won't allow access but by doing the same as above as the non-root user (ichase) it will, then just "su" to root when I need to perform root level actions? I believe that is a light bulb I am seeing and not a freight train light.

securitybreach, posted November 28, 2012:

No actually this is to prevent the root username from logging in:

    ssh -p port root@ipaddy

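Added example, not part of the original thread: a shell check for the PermitRootLogin setting discussed above, reading the global section of an sshd_config file the way sshd does (first active value wins, commented lines ignored). The function names and the sample config are constructed for illustration, and Match blocks are not evaluated.

```bash
#!/usr/bin/env bash
# Added example; function names and the sample file are constructed.
# sshd keeps the FIRST value it reads for a single-valued keyword, keywords
# are case-insensitive, and "#" lines are comments, not active settings.

# Print the global value of keyword $2 in sshd_config file $1 (empty if unset).
sshd_global_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ { next }                      # commented-out default
        /^[ \t]*$/ { next }                      # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (!match(line, /[ \t=]+/)) next    # keyword without a value
            key = tolower(substr(line, 1, RSTART - 1))
            val = substr(line, RSTART + RLENGTH)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit             # Match blocks are not evaluated
            if (key == want) { print val; exit } # first occurrence wins
        }
    ' "$1"
}

# Return 0 only when root login over SSH is explicitly disabled.
check_root_login() {
    local v
    v=$(sshd_global_value "$1" PermitRootLogin | tr 'A-Z' 'a-z')
    case "$v" in
        no) echo "OK: PermitRootLogin no"; return 0 ;;
        "") echo "WARN: PermitRootLogin not set, compiled-in default applies"; return 1 ;;
        *)  echo "WARN: PermitRootLogin $v"; return 1 ;;
    esac
}

# Constructed sample: the "#" line is inert and the first active line wins.
sample=$(mktemp)
printf '%s\n' '#PermitRootLogin yes' 'permitrootlogin no' 'PermitRootLogin yes' > "$sample"
check_root_login "$sample" || true
rm -f "$sample"
```

On a running server, `sshd -T` prints the configuration sshd actually uses, defaults included, and a change to sshd_config takes effect only after sshd is reloaded.
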
Guest LilBambi, posted November 28, 2012:

Glad I mentioned it again (about changing the setting in the config file).

ichase (Author), posted November 28, 2012:

Ahhhhh, now it is all making sense. Simply put, this will prevent anyone from "breaking" into the server and being able to run as root. This has been a very informative thread and hope others reading it have gotten as much out of it as I have.

securitybreach, posted November 28, 2012:

> Ahhhhh, now it is all making sense. Simply put, this will prevent anyone from "breaking" into the server and being able to run as root. This has been a very informative thread and hope others reading it have gotten as much out of it as I have.

Good deal

ichase (Author), posted November 30, 2012:

Josh, Just wanted to mention, followed the wiki in regards to X11 forwarding. Worked like a champ. As mentioned, I really don't have any gui applications on the desktop that I don't have on the laptop but that is a pretty darn cool tool. Thanks for the tip.

securitybreach, posted November 30, 2012:

> Josh, Just wanted to mention, followed the wiki in regards to X11 forwarding. Worked like a champ. As mentioned, I really don't have any gui applications on the desktop that I don't have on the laptop but that is a pretty darn cool tool. Thanks for the tip.

No problem, anytime