ssh root login dont work after "Securing trixbox C

alben

Joined
Jan 20, 2010
Messages
28
Likes
0
Points
0
#1
Hi I was following the
Securing trixbox CE
(which is easy and good)
By
Tim Yardley
AKA Engineer Tim

steps like (extract)

chkconfig --list

chkconfig ircd off
chkconfig netfs off
chkconfig nfslock off
chkconfig openibd off
chkconfig portmap off
chkconfig restorecond off
chkconfig rpcgssd off
chkconfig rpcidmapd off
chkconfig vsftpd off

useradd trixuser
passwd trixuser

/etc/ssh/sshd_config

AllowUsers trixuser
PermitRootLogin no
Port 2222

all fine

but i really want also is a ssh user with admin rights
so i decided to change back to initial status

since then my ssh root login dont work anymore
ssh trixuser is fine
root login in elastix server is ok

what can i do to get my ssh root login back againg?

thanks
 

dicko

Joined
Oct 24, 2008
Messages
4,099
Likes
0
Points
0
#2
To reverse Engineer Tim's work:

If you remove

AllowUsers trixuser
PermitRootLogin no
Port 2222


from /etc/ssh/sshd_config

and

/etc/init.d/sshd restart

(that is necessary or nothing will change) after this your sshd will be just as before.

If ANY ssh user has root privileges, you have not improved the security however, the idea is to

a) change the port to reduce drive-bys
b) disallow the gaping security risk of allowing any ip to attempt root login

so all those changes are a "good thing", the idea is to allow only a non-privileged account, and then after logging in with that account issue

su - root (or just su - )

which will then give you root access.

I suggest a more robust setup might be

allowusers <non privileged account>
RSAAuthentication yes
PermitRootLogin no
Port <some arbitrary port above 1024>
PasswordAuthentication no
PermitEmptyPasswords yes

and set up key pairs for authentication, make sure the keys work before PasswordAuthentication no or you will lock yourself out.

the su - thing will still work fine



for your reference:
http://www.faqs.org/docs/securing/chap15sec122.html
 

alben

Joined
Jan 20, 2010
Messages
28
Likes
0
Points
0
#3
SOLVED

thanks for your help
trick was i needed to remove trixuser anyway

now is ssh safe as manual
thanks for the su - hint
was not in my book which is not very good in linux
 

dicko

Joined
Oct 24, 2008
Messages
4,099
Likes
0
Points
0
#4
no it wasn't the trixuser, your sshd server remains as unsafe as ever if you removed those lines, check /var/log/secure for attempts on your box.
 

alben

Joined
Jan 20, 2010
Messages
28
Likes
0
Points
0
#5
i mean
i forgot to remove the trixuser line, but when i removed my ssh root login worked again just as if a new elastix install, i did that just for testing purposes, of course i aplied again the security hints, changed the trixuser name, etc
i get a dinamic public ip, also changed my freepbx password admin/admin
am i still unsafe?

what i need to change now is my ip/a2billing default admin/mypassword
how i do that?

now im looking at my var\secure file but how do i read if i was being hacked?

thank a lot my friend
 

alben

Joined
Jan 20, 2010
Messages
28
Likes
0
Points
0
#6
Securing trixbox C problem

Hello,
ever since i applied Securing trixbox CE,
i cant access to my elastix from outside my LAN,
I need that access so phones registers and have access a2billing from outside.

thanks
 

dicko

Joined
Oct 24, 2008
Messages
4,099
Likes
0
Points
0
#7
Re:Securing trixbox C problem

Maybe engineertim or the trixbox forum can help you here. Personally I have no interest in trixbox and your post only mentions ssh, I suggest you undo eberything you did bit by bit and see when it starts working again.
 

alben

Joined
Jan 20, 2010
Messages
28
Likes
0
Points
0
#8
Re:Securing trixbox C problem

my mistake, the router firewall was blocking
ssh is secure now
thanks
 

Members online

No members online now.

Latest posts

Forum statistics

Threads
30,902
Messages
130,887
Members
17,566
Latest member
Fpino
Top