Thursday, December 17, 2009

Block direct SSH to root, but not to root equivalent

The PermitRootLogin no option in /etc/ssh/sshd_config blocks all users with UID 0, including root-equivalent accounts. The configuration below works around this.

# vi /etc/ssh/sshd_config

###PermitRootLogin no
AllowUsers newuser guest psychotux hari
DenyUsers root

# /etc/init.d/sshd restart


Here, the users listed with AllowUsers can be normal users or root-equivalent users.
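
An added example (not from the original post) that audits this setup: it applies sshd's DenyUsers-then-AllowUsers name matching to a passwd-format file and lists the UID 0 accounts that can still log in. The passwd entries, the UID 0 assignment for psychotux, the toor account and the function names are constructed for illustration; only plain names and `*`/`?` patterns are handled, not USER@HOST patterns, Match blocks or the group directives.

```shell
#!/bin/sh
# Added example: which UID-0 accounts does an AllowUsers/DenyUsers pair admit?

patterns_for() {   # $1 = keyword (case-insensitive), $2 = sshd_config path
    awk -v kw="$1" 'tolower($1) == tolower(kw) { for (i = 2; i <= NF; i++) print $i }' "$2"
}

matches_any() {    # $1 = user name, $2 = newline-separated patterns
    while IFS= read -r pat; do
        case "$1" in $pat) return 0 ;; esac
    done <<EOF
$2
EOF
    return 1
}

# sshd evaluates DenyUsers before AllowUsers, and once AllowUsers is set
# only names matching it may log in. Matching is by name, never by UID.
ssh_user_allowed() {   # $1 = user name, $2 = sshd_config path
    deny=$(patterns_for DenyUsers "$2")
    allow=$(patterns_for AllowUsers "$2")
    if matches_any "$1" "$deny"; then return 1; fi
    if [ -n "$allow" ] && ! matches_any "$1" "$allow"; then return 1; fi
    return 0
}

root_equivalents_allowed() {   # $1 = passwd-format file, $2 = sshd_config path
    awk -F: '$3 == 0 { print $1 }' "$1" | while IFS= read -r u; do
        if ssh_user_allowed "$u" "$2"; then echo "$u"; fi
    done
}

# Constructed sample data: the page's directives plus a made-up passwd file.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/sshd_config" <<'EOF'
###PermitRootLogin no
AllowUsers newuser guest psychotux hari
DenyUsers root
EOF
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
psychotux:x:0:0:constructed root-equivalent:/root:/bin/bash
hari:x:1001:1001::/home/hari:/bin/bash
toor:x:0:0:constructed, not in AllowUsers:/root:/bin/bash
EOF
echo "UID-0 accounts still able to log in over SSH:"
root_equivalents_allowed "$demo/passwd" "$demo/sshd_config"
```

With the sample data only psychotux is reported: root is rejected by DenyUsers, and toor is rejected because it is absent from AllowUsers.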
