How to restrict SSH root login, but allow some exceptions


Given that logging in as root is not a good idea, have a look at the sshd manpage:

PermitRootLogin

Specifies whether root can log in using ssh(1). The argument must be ``yes'', ``without-password'', ``forced-commands-only'' or ``no''. The default is ``yes''.

If this option is set to ``without-password'' password authentication is disabled for root.

If this option is set to ``forced-commands-only'' root login with public key authentication will be allowed, but only if the command option has been specified (which may be useful for taking remote backups even if root login is normally not allowed). All other authentication methods are disabled for root.

If this option is set to ``no'' root is not allowed to log in.

So you could use PermitRootLogin without-password for allowing private/public key authentication while disallowing password authentication; or maybe PermitRootLogin forced-commands-only to let you login as root but without interactive access.

The latter case requires you to edit the authorized_keys file to specify which command is enabled for the logging-in user, like this:

command="rdiff-backup --server" ssh-rsa AAAAB3NzaC1y... (rest of key)

or, even better, allow forced-commands-only root login only from a specific IP address:

from="10.1.1.1",command="/home/user/command/to/execute" ssh-rsa AAAAB3NzaC1y... (rest of key)
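As an added example that is not part of the original answer: a small POSIX sh wrapper to use as the forced command, together with a helper that emits the matching authorized_keys line. The point it shows is that sshd ignores whatever the client asked to run and executes command= instead, but passes the client's request in SSH_ORIGINAL_COMMAND, so the wrapper can allow-list exactly one job (rdiff-backup --server, as in the answer) and refuse an interactive shell or anything else. The wrapper path /root/bin/backup-only.sh, the client address 10.1.1.1 and the key are hypothetical; the restrict option (OpenSSH 7.2 and later) goes beyond what the answer shows.

```shell
#!/bin/sh
# Added example, not from the original answer.
# Assumptions: the key may only run "rdiff-backup --server"; the wrapper
# lives at /root/bin/backup-only.sh and the client is 10.1.1.1 (hypothetical).

# Emit the authorized_keys line for root. Besides command= and from= used in
# the answer, "restrict" (OpenSSH 7.2+) disables pty allocation, port/agent/X11
# forwarding and ~/.ssh/rc, so the key cannot be turned into an interactive
# session even though PermitRootLogin forced-commands-only lets it in.
authorized_keys_line() {
    client_ip=$1; wrapper=$2; pubkey=$3
    printf 'restrict,from="%s",command="%s" %s\n' "$client_ip" "$wrapper" "$pubkey"
}

# Dispatcher to run as the forced command. $1 is the client's original
# request (pass "$SSH_ORIGINAL_COMMAND"). Only an exact match is accepted:
# "rdiff-backup --server; sh" or "rdiff-backup --server --foo" are rejected
# too, since the whole string is compared, not a prefix.
# Returns 0 when the request is allowed (and execs it unless DRY_RUN=1),
# 1 when it is refused; nothing is executed on refusal.
backup_only() {
    case $1 in
        'rdiff-backup --server')
            [ "${DRY_RUN:-0}" = 1 ] && return 0
            exec rdiff-backup --server
            ;;
        '')
            # Empty request = the client asked for an interactive shell.
            printf 'interactive root login is not permitted\n' >&2
            return 1
            ;;
        *)
            printf 'rejected command: %s\n' "$1" >&2
            return 1
            ;;
    esac
}

# When invoked by sshd (SSH_CONNECTION is set for every session), decide on
# the client's request and exit with the result.
if [ -n "${SSH_CONNECTION-}" ]; then
    backup_only "${SSH_ORIGINAL_COMMAND-}"
    exit $?
fi
```

Install the wrapper as root, make it executable, and add the line printed by authorized_keys_line to /root/.ssh/authorized_keys with PermitRootLogin forced-commands-only in sshd_config. Note that in OpenSSH 7.0 and later the manpage spells the without-password value prohibit-password (the old spelling is still accepted as an alias) and it is the default, so a root password login is already refused unless PermitRootLogin yes was set explicitly.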
Author: Vladimir Franciz S. Blando

Updated on September 18, 2022

Comments

  • Vladimir Franciz S. Blando (over 1 year ago)

    in openssh, you can restrict root login (PermitRootLogin no) but can it have an exception?

    • Wayne Jhukie (almost 12 years ago)
      But that would mean that root login was permitted ... why not login as a user and then su / sudo?
    • Dennis (almost 12 years ago)
      I'm sorry, but what exception? Either you permit root login or you don't.