Stop root login with password - Not working with lish

Hi,

I've configured my sshd_config with the following information and restarted on a debain 7 install:

Port 22

Protocol 2

HostKey /etc/ssh/sshhostrsa_key

HostKey /etc/ssh/sshhostdsa_key

HostKey /etc/ssh/sshhostecdsa_key

UsePrivilegeSeparation yes

KeyRegenerationInterval 3600

ServerKeyBits 768

SyslogFacility AUTH

LogLevel INFO

LoginGraceTime 1m

PermitRootLogin without-password

StrictModes yes

RSAAuthentication yes

PubkeyAuthentication yes

IgnoreRhosts yes

RhostsRSAAuthentication no

HostbasedAuthentication no

PermitEmptyPasswords no

ChallengeResponseAuthentication no

X11Forwarding yes

X11DisplayOffset 10

PrintMotd no

PrintLastLog yes

TCPKeepAlive yes

AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM no

AllowUsers root testing

ClientAliveInterval 600

ClientAliveCountMax 0

However, it seems I am still able to login as root with a password when I am using the lish ajax web panel. In theory my settings should have stopped that, so what do I need to do it make it so that only my "testing" user can login with a password and root must use a SSH key?

Any help would be appreciated.

James

1 Reply

Hi James,

When you login via LISH, you are logging into the 'console' of your Linode.

Your SSH configuration has no involvement there.

If, for some reason you really want to disable root login via the console (and I'm not sure it's recommended), you could modify /etc/securetty.

Hope that helps!

[edited for readability, twice - sigh].

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct