Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: uniqsys on August 26, 2006, 04:41:03 AM

Title: SSH logins
Post by: uniqsys on August 26, 2006, 04:41:03 AM

Hi all,
I have a question the answer to which may help me understand the 7.0 changes to SSH.  Please help if you can.

Under 6.0 I use to login via SSH using a created user, not root.  Then once logged in I would su to root.  By doing so I thought it a "best practice" to maintain good security levels.  I did not enable command line access in the remote access panel of Server Manager -didn't need to.  All worked well.

Under 7.0 I tried to set up a similar access and get "access denied" when I try to login as a non-root user (but still in the admin group).  However, I am able to login as root only if I enable command line access in Server Manager.  I have even tried after editing passwd and changing the access under the user account from /usr/bin/rssh to /usr/bin/bash.

Could someone help explain to me this behaviour and how I can re-establish my former practice?  I would like to continue my "old" practice if I could.  I thought I understood this but obviously that is not the case.

Thanks.

Title: Re: SSH logins
Post by: cactus on August 26, 2006, 11:13:02 AM

Quote from: "uniqsys"

Hi all,
I have a question the answer to which may help me understand the 7.0 changes to SSH.  Please help if you can.

Under 6.0 I use to login via SSH using a created user, not root.  Then once logged in I would su to root.  By doing so I thought it a "best practice" to maintain good security levels.  I did not enable command line access in the remote access panel of Server Manager -didn't need to.  All worked well.

Under 7.0 I tried to set up a similar access and get "access denied" when I try to login as a non-root user (but still in the admin group).  However, I am able to login as root only if I enable command line access in Server Manager.  I have even tried after editing passwd and changing the access under the user account from /usr/bin/rssh to /usr/bin/bash.

Could someone help explain to me this behaviour and how I can re-establish my former practice?  I would like to continue my "old" practice if I could.  I thought I understood this but obviously that is not the case.

Thanks.

Try the dungog remote user access panel (http://www.dungog.net/sme/admin.php#remote), and maybe also read up on SSH using authorized keys (http://www.wellsi.com/sme/ssh/ssh.html) by Ian Wells

Title: Re: SSH logins
Post by: frond on August 27, 2006, 03:13:07 PM

uniqsys

Search bugzilla on ssh best practise.
Gordon Rowell has a good post there.