permission problems w/ ordinary user ....

Mike Clarke jmc-freebsd2 at
Sun Aug 3 09:27:05 UTC 2014

On Saturday 02 August 2014 18:59:09 William A. Mahaffey III wrote:
> On 08/02/14 18:45, Roland Smith wrote:
> > On Sat, Aug 02, 2014 at 06:28:47PM -0500, William A. Mahaffey III 


> >> I can ssh in as root no sweat
> > 
> > Yikes. That is usually the first thing I'd disable!
> > 
> > 
> > Roland
> I do that (easy root login) on purpose, my LAN is not internet
> exposed (except when I'm browsing)

You can make things a bit more secure by requiring ssh keys instead of 
a password for remote access.

Use ssh-keygen to generate your keys then append your ~/ssh/ 
to /root/.ssh/authorized_keys on the machine where you need root 

Then make these changes to /etc/ssh/sshd_config on the remote machine 
and restart sshd.

--- /usr/src/crypto/openssh/sshd_config 2013-01-12 13:21:39.235909173 
+++ /etc/ssh/sshd_config        2013-01-12 13:20:23.078909059 +0000
@@ -45,4 +45,5 @@
 #LoginGraceTime 2m
 #PermitRootLogin no
+PermitRootLogin without-password
 #StrictModes yes
 #MaxAuthTries 6
@@ -64,5 +65,5 @@
 # Change to yes to enable built-in password authentication.
-#PasswordAuthentication no
+PasswordAuthentication no
 #PermitEmptyPasswords no

NB. If you don't have physical access to the remote machine then be 
very careful not to make any mistakes which could lock you out of it. 
In particular make sure you have set up your keys and edited 
/root/.ssh/authorized_keys correctly before reconfiguring sshd. To be 
on the safe side confirm that you can make a successful remote login 
from another terminal window before closing your current remote 

Mike Clarke

More information about the freebsd-questions mailing list