Hello,
I think I know the answer to this, but I'd like to check with the community to make sure I'm doing this correctly.
I've added a rule to my Untangle to not allow SSH access from outside my network. When I need to, I log in through the remote administration and temporarily turn the rule off. Usually I access SSH through a PC that is on my network, but I like having this rule just in case I can't get to a PC on my network and I need to access the command line from outside the network.
So now I want to not allow root access to my box through SSH. Please confirm for me that the following steps are the right ones to take:
- I log in to Untangle with my root account to the terminal (through SSH).
- I create a new user with the useradd command.
- I give this new user a password.
- I then edit the sudoers file with 'sudo visudo'.
- I update the sudoers file with "username ALL=(ALL) ALL" where username is my new user I created.
- I then edit the /etc/ssh/sshd_config file to "PermitRootLogin no"
- I'll also add the following to only allow my new username to access through ssh: "AllowUsers username"
- I can then exit my session under root and now only log in through SSH with my new user.
I don't want to mess up my Untangle box since it is in a remote location and I don't have anyone at the office I can rely on to fix it for me if I don't have access to the command line.
Thanks in advance for your help.
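
A pre-flight check for the sshd_config change listed in the post above, as an added example that is not part of the original post: it confirms that the edited file disables root login and names the new account in AllowUsers before sshd is restarted. The function names, the user `admin2` and the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: verify an edited sshd_config before restarting sshd.

# Print the first global value of a keyword (keywords are case-insensitive).
# Comment lines are skipped and parsing stops at the first Match block.
sshd_value() {  # $1 = keyword, $2 = config file
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$2"
}

# Return 0 if root login is disabled and the user is listed in AllowUsers,
# 1 if root login is not set to "no",
# 2 if AllowUsers is absent or does not name the user (lockout risk once set).
# Assumption: a single AllowUsers line with plain names or name@host entries.
check_ssh_plan() {  # $1 = config file, $2 = user
    root=$(sshd_value PermitRootLogin "$1" | tr 'A-Z' 'a-z')
    allow=$(sshd_value AllowUsers "$1")
    [ "$root" = "no" ] || return 1
    for entry in $allow; do
        if [ "${entry%@*}" = "$2" ]; then
            return 0
        fi
    done
    return 2
}

# Constructed sample config; "admin2" is a placeholder for the new account.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not taken from a real host
Port 22
PermitRootLogin no
AllowUsers admin2
EOF

if check_ssh_plan "$sample" admin2; then
    echo "ok: root login disabled and admin2 listed in AllowUsers"
else
    echo "do not restart sshd: check returned $?"
fi
rm -f "$sample"
```

On the real box, `sshd -t` additionally checks the file for syntax errors, and keeping the existing root session open until a login as the new user succeeds in a second session leaves a way back in.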