Koozali.org: home of the SME Server
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. Suggestions
  4. Topic: other user than "root"
« previous next »
Pages: [1]   Go Down

other user than "root"

  • 4 Replies
  • 3197 Views

Offline Jáder

  • *
  • 1,099
  • +0/-0
    • LinuxFacil
other user than "root"
« on: August 14, 2005, 04:40:22 PM »
I wish that main user was not "root" by security reasons.
Maybe a user like  sme  would be rather difficult to hackers ...

This would be done to 6.01, 6.5 AND mainly 7.0

Thanks
Logged
...

Offline gordonr

  • *
  • 646
  • +0/-0
    • http://www.smeserver.com.au/
Re: other user than "root"
« Reply #1 on: August 16, 2005, 02:30:00 AM »
Quote from: "jader"
I wish that main user was not "root" by security reasons.
Maybe a user like  sme  would be rather difficult to hackers ...

This would be done to 6.01, 6.5 AND mainly 7.0


Root is only allowed to log in on the console by default and is not configured for any services (e.g. IMAP, POP, etc.)

Renaming root is "non-trivial" and provides very little additional security. A root equivalent account is just as dangerous as a root account - each must be properly protected with strong passwords and no remote access.

Do not enable root access over SSH, and if you must, only do so with SSH public keys. And even then, don't - enable public keys for a normal account and use sudo.
Logged
............

Offline Jáder

  • *
  • 1,099
  • +0/-0
    • LinuxFacil
other user than "root"
« Reply #2 on: August 16, 2005, 12:31:30 PM »
Gordon

Thank you by your quick answer.
I understand your choices about root, so do a new suggestion:
make generation of ssh keys easier on SME7. That would allow more people to use keys and not passwords.

I don´t know how to enable keys for other users (neither how to allow other users to login on console @ 6.0.1-01) .

Thanks

Jáder
Logged
...

Offline gordonr

  • *
  • 646
  • +0/-0
    • http://www.smeserver.com.au/
Re: other user than "root"
« Reply #3 on: August 16, 2005, 12:53:11 PM »
Quote from: "jader"
Gordon

Thank you by your quick answer.
I understand your choices about root, so do a new suggestion:
make generation of ssh keys easier on SME7. That would allow more people to use keys and not passwords.


I don't have time to write it for 7.0, but if someone wants to contribute it, I'd love to see this. I'd like to see something that a user can select to generate a key, and have it installed for them.

It would fit nicely on the userpanel, with password, vacation, etc. (and yes, I'd like to see the userpanel work pulled in at some stage).

Quote from: "jader"

I don´t know how to enable keys for other users


There are HOWTOs for SSH key generation on this site.

Quote from: "jader"

(neither how to allow other users to login on console @ 6.0.1-01) .


All you need to do is change their shell. Only do this for administrative users - nobody else needs to be able to log in.
Logged
............

Offline Jáder

  • *
  • 1,099
  • +0/-0
    • LinuxFacil
non-root
« Reply #4 on: August 20, 2005, 02:25:27 PM »
Gordon

Thank you by your tip about howto allow non-root user to do login.
I already implement this on my own server to testing.
I´ll start to test v.7B1 today.

Thank you.

Jáder
Logged
...
Pages: [1]   Go Up
« previous next »
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. Suggestions
  4. Topic: other user than "root"