Difference between revisions of "Talk:PAM"
From Nuclear Physics Group Documentation Pages
Jump to navigationJump to search| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
"42.1.4.2.3. Disabling Root SSH Login <br/>To prevent root logins via the SSH protocol, edit the SSH daemon's configuration file (/etc/ssh/sshd_config). Change the line that reads: <code># PermitRootLogin yes</code> to read as follows: <code>PermitRootLogin no</code>" Kind of a wide cut if used, but it's another option if the PAM config isn't good enough. access.conf doesn't seem to be working. jdelete is able to log into more than what was originally indicated by the table. | "42.1.4.2.3. Disabling Root SSH Login <br/>To prevent root logins via the SSH protocol, edit the SSH daemon's configuration file (/etc/ssh/sshd_config). Change the line that reads: <code># PermitRootLogin yes</code> to read as follows: <code>PermitRootLogin no</code>" Kind of a wide cut if used, but it's another option if the PAM config isn't good enough. access.conf doesn't seem to be working. jdelete is able to log into more than what was originally indicated by the table. | ||
| − | '''pam_access.so''' has to be referenced by in ''/etc/pam.d/sshd''. That library uses ''/etc/security/access.conf'' [http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/ch-pam.html] | + | '''pam_access.so''' has to be referenced by in ''/etc/pam.d/sshd''. That library uses ''/etc/security/access.conf'' [http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/ch-pam.html] <strike>Or maybe not, becuase it's not referenced in roentgen's!</strike> Here's what looks to be the key line: |
| + | account required pam_access.so | ||
Latest revision as of 16:06, 30 July 2007
"42.1.4.2.3. Disabling Root SSH Login
To prevent root logins via the SSH protocol, edit the SSH daemon's configuration file (/etc/ssh/sshd_config). Change the line that reads: # PermitRootLogin yes to read as follows: PermitRootLogin no" Kind of a wide cut if used, but it's another option if the PAM config isn't good enough. access.conf doesn't seem to be working. jdelete is able to log into more than what was originally indicated by the table.
pam_access.so has to be referenced by in /etc/pam.d/sshd. That library uses /etc/security/access.conf [1] Or maybe not, becuase it's not referenced in roentgen's! Here's what looks to be the key line:
account required pam_access.so
