Web Hosting Forum | Lunarpages

Author Topic: rootlogin possible.. getting scared!!!  (Read 1198 times)

Offline purepersian

  • Galactic Royalty
  • *****
  • Posts: 298
    • http://www.borobiroon.com
rootlogin possible.. getting scared!!!
« on: August 29, 2007, 04:48:55 AM »
hi there
i have recently recieved a couple of emails from my VPS stating:

Security scanning generated the following warnings (the full scanning log
is available at /var/log/rkhunter.log):
 
[05:30:43] ------------------------- Security advisories -------------------------
[05:30:43] Warning: root login possible. Change for your safety the 'PermitRootLogin'
[05:30:43] Warning: SSH version 1 possible allowed!


should i be worried? how do i fix this
i would appreciate any help, thank u so much
Judge not, as you'll be judged first...

Borobiroon.com - Persian Community
Blue Water Media - Professional Webdesign

Offline perestrelka

  • Master Jedi
  • *****
  • Posts: 1397
Re: rootlogin possible.. getting scared!!!
« Reply #1 on: August 30, 2007, 12:12:17 AM »
Hi,

You may ignore this warning if you prefer to use root to ssh into server and frequently use this. If you would like to secure your server more and use unprivileged user for ssh, you will need to create a user via shell and make him a member of the wheel group so that it could do su to root. Then you can disable root logins via ssh by setting PermitRootLogin to no in /etc/ssh/sshd_config. SSH demon restart will be required after that (service sshd restart). Please bear in mind that if you do not create a user and do not make it the wheel group member, you will lose root access via ssh to the server.

I hope this helps.
Kind Regards,
Vlad Artamonov

Offline geolev

  • Spaceship Navigator
  • *****
  • Posts: 75
    • Alliance Computer Solutions
Re: rootlogin possible.. getting scared!!!
« Reply #2 on: September 01, 2007, 02:21:24 PM »
I did what perestrelka suggested. I created another user with a strong password. Then I ssh in using the new user and 'su -' to root. Then modified /etc/ssh/sshd_config. My file had "PermitRootLogin yes" commented out. I thought that was odd. Anyways, I uncommented it and changed it to "PermitRootLogin no" and then I restarted the service with 'service sshd restart'.

I tried to ssh in using root and it wouldn't let me it. I was surprised that it prompted me for a password though. I did this because I noticed in the /var/log/messages log that there were thousands of root login attempts. Some scumbag was trying to gain access to my system. I hope this puts a stop to it.

George

Offline perestrelka

  • Master Jedi
  • *****
  • Posts: 1397
Re: rootlogin possible.. getting scared!!!
« Reply #3 on: September 01, 2007, 08:00:10 PM »
Hi George,

The modification you did will never allow somebody to login remotely even if they got the root password somehow. This change is always considered as a good security measure.

Please advise, if you have any further questions on this matter.
Kind Regards,
Vlad Artamonov

 

Share |