
A unique problem that you guys have never seen..


derchris
15-04-2010, 09:14
Or just use keys.

pdu
14-04-2010, 21:27
Actually, the permitrootlogin is leftover from a much older version of ssh that had a vulnerability in its encryption when sending the initial credentials, but was perfectly secure thereafter, so it was advised to disable root login and then only use su/sudo. That particular bug was fixed years ago now and as such, it's not much of a security problem, unless of course your root password is easily brute-forceable and you aren't running tools such as fail2ban. Another little trick I'm rather fond of is, once you've moved the ssh port, install portsentry as well and have it drop anyone who even looks at port 22. You'll be amazed how many iptables entries you have in a day.

fozl
09-04-2010, 16:59
Quote Originally Posted by Andy.
Until you try and get OVH support. Then you may have to go back and permit root and tell support which port the ssh is moved to. Failure to do this when raising any ticket will result in a delay getting your issue resolved if OVH need to access your server. You'll get some message back telling you to allow the OVH key (despite 99% of users not even realising there IS an OVH key that can be deleted) when all you've really done is change the SSH port.
Just a heads up!
Yes, well advised Andy's evil twin.

If you do change ssh port, bear this in mind regarding ovh support: http://help.ovh.co.uk/InstallOvhKey

Andy.
09-04-2010, 13:23
Quote Originally Posted by fozle
As aozm48 says, and this config is more secure. Sprinkle in some Fail2Ban as well, and maybe a splash of change-ssh-port too just for that little extra warm feeling inside.
Until you try and get OVH support. Then you may have to go back and permit root and tell support which port the ssh is moved to. Failure to do this when raising any ticket will result in a delay getting your issue resolved if OVH need to access your server. You'll get some message back telling you to allow the OVH key (despite 99% of users not even realising there IS an OVH key that can be deleted) when all you've really done is change the SSH port.
Just a heads up!

fozl
09-04-2010, 12:02
As aozm48 says, and this config is more secure. Sprinkle in some Fail2Ban as well, and maybe a splash of change-ssh-port too just for that little extra warm feeling inside.

aozm48
09-04-2010, 10:13
Under ssh it is possible to deny ssh login using root, but still allow you to sudo using root.
If you check the sshd config file, it may show a value called permitrootlogin. If this is set to no, it will deny root login via ssh.

hope this helps
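
The check described in the post above, as an added example that is not part of the post or of any OVH tooling: a small Python reader for sshd_config text that reports the global PermitRootLogin, PasswordAuthentication and Port values and what they mean for a root password login. The function names, the defaults table and the sample config are assumptions made for illustration.

```python
# Defaults are an assumption (OpenSSH 7.0 and later); older releases
# defaulted PermitRootLogin to "yes". Include files are not followed.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
}

def effective_settings(config_text):
    """Global values sshd would use: the first occurrence of a keyword wins."""
    settings, ports = {}, []
    for raw in config_text.splitlines():
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        keyword, value = fields[0].lower(), " ".join(fields[1:])
        if keyword == "match":
            break  # Match blocks are conditional and are not evaluated here
        if keyword == "port":
            ports.append(value)  # Port may be given several times
        elif keyword in DEFAULTS:
            settings.setdefault(keyword, value)
    result = {**DEFAULTS, **settings}
    result["port"] = ports or ["22"]
    return result

def root_password_login(settings):
    """Explain what happens when root presents a password over SSH."""
    mode = settings["permitrootlogin"]
    if mode == "no":
        return "denied: root cannot log in over SSH at all"
    if mode in ("prohibit-password", "without-password", "forced-commands-only"):
        return "denied: root is accepted with a key only"
    if settings["passwordauthentication"] != "yes":
        return "denied: password authentication is off for every user"
    return "allowed"

# Constructed sample config, not taken from the thread.
SAMPLE = """\
Port 2222
PermitRootLogin no
PasswordAuthentication yes
PermitRootLogin yes
Match User backup
    PasswordAuthentication no
"""

if __name__ == "__main__":
    s = effective_settings(SAMPLE)
    print(s["port"], s["permitrootlogin"], "->", root_password_login(s))
```

On a live server, `sshd -T` prints the effective values directly, including anything pulled in from included files.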

derchris
09-04-2010, 02:04
Is root login actually enabled?

turbanator
08-04-2010, 23:43
I am able to log in to root via going in to my user profile and doing su...

but when I want to log in as root using ssh

that is username: root password: that same password says access denied...

I know something is messed up with ssh keys..and it's not able to identify that..with root..

but I am still learning about linux and would appreciate some help regarding that, thanks