{"id":52,"date":"2022-03-31T16:11:00","date_gmt":"2022-03-31T14:11:00","guid":{"rendered":"https:\/\/blubb.fish\/?p=52"},"modified":"2022-03-25T10:55:15","modified_gmt":"2022-03-25T09:55:15","slug":"ssh-root-login-from-specific-hosts","status":"publish","type":"post","link":"https:\/\/blubb.fish\/index.php\/2022\/03\/31\/ssh-root-login-from-specific-hosts\/","title":{"rendered":"SSH root login from specific hosts"},"content":{"rendered":"\n

you normally should disable root login via sshd for security reasons. So no one can get access directly to root and login with highest privileges<\/p>\n\n\n\n

But in some cases root access is needed from management Machines or others.
With the following changes in the sshd_config it should work.<\/p>\n\n\n\n

Setup:<\/p>\n\n\n\n

open the file \/etc\/ssh\/sshd_config and remove the Line “PermitRootLogin”<\/p>\n\n\n\n

$ sed -i 's\/^PermitRootLogin\/#PermitRootLogin\/g' \/etc\/ssh\/sshd_config<\/code><\/pre>\n\n\n\n
this will render the default Setting of PermitRootLogin ineffective.<\/p>\n\n\n\n
Now we add the block for the access from specific machines<\/p>\n\n\n\n
open file for write:<\/p>\n\n\n\n
$ vim \/etc\/ssh\/sshd_config<\/code><\/pre>\n\n\n\n
now copy and paste the following into the config file:<\/p>\n\n\n\n
Match Address 127.0.0.1,::1,192.168.1.10\n    PermitRootLogin yes\nMatch all\n    PermitRootLogin no<\/code><\/pre>\n\n\n\n
Adding this to the configuration will allow root login from<\/p>\n\n\n\n
  • localhost (IPv4)<\/li>
  • localhost (IPv6)<\/li>
  • host 192.168.1.10<\/li><\/ul>\n\n\n\n
    From all others (Match all) the access will be denied<\/p>\n","protected":false},"excerpt":{"rendered":"
    you normally should disable root login via sshd for security reasons. So no one can get access directly to root and login with highest privileges But in some cases root access is needed from management Machines or others.With the following changes in the sshd_config it should work. Setup: open the file \/etc\/ssh\/sshd_config and remove the […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[7,8,9],"class_list":["post-52","post","type-post","status-publish","format-standard","hentry","category-linux","tag-linux","tag-login","tag-root"],"_links":{"self":[{"href":"https:\/\/blubb.fish\/index.php\/wp-json\/wp\/v2\/posts\/52","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blubb.fish\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blubb.fish\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blubb.fish\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blubb.fish\/index.php\/wp-json\/wp\/v2\/comments?post=52"}],"version-history":[{"count":1,"href":"https:\/\/blubb.fish\/index.php\/wp-json\/wp\/v2\/posts\/52\/revisions"}],"predecessor-version":[{"id":53,"href":"https:\/\/blubb.fish\/index.php\/wp-json\/wp\/v2\/posts\/52\/revisions\/53"}],"wp:attachment":[{"href":"https:\/\/blubb.fish\/index.php\/wp-json\/wp\/v2\/media?parent=52"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blubb.fish\/index.php\/wp-json\/wp\/v2\/categories?post=52"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blubb.fish\/index.php\/wp-json\/wp\/v2\/tags?post=52"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}