Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: spook on January 03, 2007, 09:41:57 AM
-
I get this email daily - How serious is it, and how do I do anything about it?
/etc/cron.daily/01-rkhunter:
Line:
Watch out Root login possible. Possible risk!
-----------------------------------------------------------------
Found warnings:
[04:03:06] Warning: root login possible. Change for your safety the 'PermitRootLogin'
-
Rkhunter gives you this warning because having ssh configured for root login *is* a security hole.
You can close this hole with the /server-manager/ in remote access.
-
You can close this hole with the /server-manager/ in remote access.
Which setting there are we supposed to change in order to close this hole???
-
Set Secure shell access (under Secure Shell Settings) to no access.
-
I need SSH root access. How do I make it stop warning me?
-
Ignore the message or you could just delete the cronjob. I would recomend ignoring the message.
-
Here are instructions (rough translation from French) to disable the rkhunter check for SSH root login (from http://www.smeserver.fr/astuces.php?astuce=mail_rkhunter_root )
----
The safest solution is to disable the option to allow administrative SSH access in the Remote access page of the server-manager. This of course forces you to be able login with another account to manage the server via SSH.
The simplest solution is removing this check from the rkhunter configuration file. For that, you must edit the /etc/rkhunter.conf file with your preferred editor and modifying the following line:
ALLOW_SSH_ROOT_USER=1
As this file is not templated, this modification is enough.
----
-
I need SSH root access. How do I make it stop warning me?
You can have secure access as any user even at root level while not being logged in as root. This is the preffered method. you can do this when you give the user sudo access and a prompt, you can than use the sudo and the su command to run commands at root level.
I believe dungog (http://www.dungog.net[/url) has a contrib for easy configuration of user remote access where you can set things like this.
-
I need SSH root access. How do I make it stop warning me?
You can have secure access as any user even at root level while not being logged in as root. This is the preffered method. you can do this when you give the user sudo access and a prompt, you can than use the sudo and the su command to run commands at root level.
I believe dungog (http://www.dungog.net[/url) has a contrib for easy configuration of user remote access where you can set things like this.
I get this same errormessage and i would like to close this securityhole thus still allow remote SSH login with another user.
I use putty via Windows XP to my box.
I allready have Dungog's "User remote access" with Shell access and sudo enabled for the user i want to use instead of root.
And i can perform administrative tasks with this user when Remote access setting is "Secure Shell access - Allow public access (entire internet)" and "Allow administrative command line access over secure shell" and "Allow secure shell access using standard passwords" is both set to yes.
However if i disable these remote access settings as advised i can't use root login which is what i wanted. But i can not use the other user either. I then can not user remote SSH at all with any user. Putty just time out
How should i set it up so root can't have access over ssh and close this security hole but still be able to use another account to adminstrate my sme box via SSH?
-
I also got this message and followed "safe" guidelines. However, using su it did not allow me to signal-event post-upgrade or signal-event reboot after doing some tasks that required this to happen.
Any ideas?