How to prevent the root user from logging into SSH with a password?

S

Sanes2016-07-06 13:48:30

linux

Sanes, 2016-07-06 13:48:30

The task is the following:

The root user can only log into SSH with a key
Other users can log in to SSH with a password

How can this be resolved? Never had to deal with anything like this.
Current config

Port 22

Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes

KeyRegenerationInterval 3600
ServerKeyBits 1024

SyslogFacility AUTH
LogLevel INFO

LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes

IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no

PermitEmptyPasswords no

ChallengeResponseAuthentication no


#Match User root
PasswordAuthentication yes
GSSAPIAuthentication no

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes


AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes
UseDNS no

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

E

Eugene, 2016-07-06
@Nc_Soft

serverfault.com/questions/285800/how-to-disable-ss...

S

sazhyk, 2016-07-07
@sazhyk

And what if you remove the password from the root, set
PermitRootLogin without-password
Deny empty passwords
PermitEmptyPasswords no
And connect with the key. If I don’t confuse anything, you will get
1. Ruth can only connect with the key (he doesn’t have a password, but you can’t use an empty one)
2. The rest are groomed by passwords

P

Pavel Serenko, 2016-07-14
@p1r4te

PermitRootLogin yes -> PermitRootLogin no
And log in not as root. In general, it's bad to go anywhere with a root. It is better to disable it by first adding your user to sudoers and to the group with root rights.