Hi I was following the
Securing trixbox CE
(which is easy and good)
By
Tim Yardley
AKA Engineer Tim

steps like (extract)

chkconfig --list

chkconfig ircd off
chkconfig netfs off
chkconfig nfslock off
chkconfig openibd off
chkconfig portmap off
chkconfig restorecond off
chkconfig rpcgssd off
chkconfig rpcidmapd off
chkconfig vsftpd off

useradd trixuser
passwd trixuser

/etc/ssh/sshd_config

AllowUsers trixuser
PermitRootLogin no
Port 2222

all fine

but i really want also is a ssh user with admin rights
so i decided to change back to initial status

since then my ssh root login dont work anymore
ssh trixuser is fine
root login in elastix server is ok

what can i do to get my ssh root login back againg?

thanks

To reverse Engineer Tim's work:

If you remove

AllowUsers trixuser
PermitRootLogin no
Port 2222


from /etc/ssh/sshd_config

and

/etc/init.d/sshd restart

(that is necessary or nothing will change) after this your sshd will be just as before.

If ANY ssh user has root privileges, you have not improved the security however, the idea is to

a) change the port to reduce drive-bys
b) disallow the gaping security risk of allowing any ip to attempt root login

so all those changes are a "good thing", the idea is to allow only a non-privileged account, and then after logging in with that account issue

su - root (or just su - )

which will then give you root access.

I suggest a more robust setup might be

allowusers <non privileged account>
RSAAuthentication yes
PermitRootLogin no
Port <some arbitrary port above 1024>
PasswordAuthentication no
PermitEmptyPasswords yes

and set up key pairs for authentication, make sure the keys work before PasswordAuthentication no or you will lock yourself out.

the su - thing will still work fine



for your reference:
www.faqs.org/docs/securing/chap15sec122.html

SOLVED

thanks for your help
trick was i needed to remove trixuser anyway

now is ssh safe as manual
thanks for the su - hint
was not in my book which is not very good in linux

no it wasn't the trixuser, your sshd server remains as unsafe as ever if you removed those lines, check /var/log/secure for attempts on your box.

i mean
i forgot to remove the trixuser line, but when i removed my ssh root login worked again just as if a new elastix install, i did that just for testing purposes, of course i aplied again the security hints, changed the trixuser name, etc
i get a dinamic public ip, also changed my freepbx password admin/admin
am i still unsafe?

what i need to change now is my ip/a2billing default admin/mypassword
how i do that?

now im looking at my var\secure file but how do i read if i was being hacked?

thank a lot my friend

Hello,
ever since i applied Securing trixbox CE,
i cant access to my elastix from outside my LAN,
I need that access so phones registers and have access a2billing from outside.

thanks

Maybe engineertim or the trixbox forum can help you here. Personally I have no interest in trixbox and your post only mentions ssh, I suggest you undo eberything you did bit by bit and see when it starts working again.

my mistake, the router firewall was blocking
ssh is secure now
thanks