Old 07-05-2009, 09:58 PM   #1 (permalink)
Untangler
 
Join Date: Mar 2008
Location: Waterloo, Canada
Posts: 50
greavette is on a distinguished road
SSH - Advice with adding new user and stopping root logon

Hello,

I think I know the answer to this, but I'd like to check with the community to make sure I'm doing this correctly.

I've added a rule to my Untangle to not allow SSH access from outside my network. When I need to, I log in through the remote administration and temporarily turn the rule off. Usually I access SSH through a PC that is on my network, but I like having this rule just in case I can't get to a PC on my network and I need to access the command line from outside the network.

So now I want to not allow root access to my box through SSH. Please confirm for me that the following steps are the right ones to take:
  • I log in to Untangle with my root account to the terminal (through SSH).
  • I create a new user with the useradd command.
  • I give this new user a password.
  • I then edit the sudoers file with 'sudo visudo'.
  • I update the sudoers file with "username ALL=(ALL) ALL" where username is my new user I created.
  • I then edit the /etc/ssh/sshd_config file to "PermitRootLogin no"
  • I'll also add the following to only allow my new username to access through ssh: "AllowUsers username"
  • I can then exit my session under root and now only log in through SSH with my new user.

I don't want to mess up my Untangle box since it is in a remote location and I don't have anyone at the office I can rely on to fix it for me if I don't have access to the command line.

Thanks in advance for your help.
greavette is offline  
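
An added example, not part of the original post and not Untangle's own tooling: a pre-flight check for the steps listed above that reads the edited sshd_config and sudoers files and reports whether root login is off and the new account can still log in and use sudo. The user name `admin1`, the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: lockout check to run before restarting sshd.
# Assumptions: only the global section (before the first Match line) and the
# whitespace-separated "Keyword value" form are read; AllowUsers patterns
# (user@host, wildcards) are not expanded, only literal names count.

# effective_value FILE KEYWORD: print the first value set for KEYWORD.
# sshd keeps the first occurrence of a keyword; keyword names ignore case.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }' "$1"
}

# user_allowed FILE USER: succeed if no AllowUsers line exists or USER is listed.
user_allowed() {
    awk -v user="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "allowusers" { seen = 1; for (i = 2; i <= NF; i++) if ($i == user) ok = 1 }
        END { exit (seen && !ok) }' "$1"
}

# has_sudo FILE USER: succeed if FILE has a "USER ALL=(...)" rule for USER.
has_sudo() {
    grep -Eq "^[[:space:]]*${2}[[:space:]]+ALL[[:space:]]*=" "$1"
}

# lockout_check SSHD_CONFIG SUDOERS USER: print findings; return 0 only if
# root login is off AND USER can both log in and use sudo.
lockout_check() {
    rc=0
    root=$(effective_value "$1" PermitRootLogin)
    [ "$root" = "no" ] || { echo "WARN: PermitRootLogin is '${root:-unset}'"; rc=1; }
    user_allowed "$1" "$3" || { echo "FAIL: AllowUsers does not list '$3'"; rc=1; }
    has_sudo "$2" "$3" || { echo "FAIL: no sudoers rule for '$3'"; rc=1; }
    return $rc
}

# Constructed sample files (not from the thread); "admin1" is a made-up user.
write_samples() {
    printf '%s\n' '# constructed sample' 'PermitRootLogin no' \
        'AllowUsers admin1' 'permitrootlogin yes' > "$1/sshd_config"
    printf '%s\n' 'root ALL=(ALL) ALL' 'admin1 ALL=(ALL) ALL' > "$1/sudoers"
}

tmp=$(mktemp -d) && write_samples "$tmp"
lockout_check "$tmp/sshd_config" "$tmp/sudoers" admin1 && echo "OK: safe to restart sshd"
rm -rf "$tmp"
```

On the real box, `sshd -t` checks the configuration syntax before the service is restarted, and keeping the existing root session open until a fresh login as the new user succeeds leaves a way back if something was missed.
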
Old 07-05-2009, 10:13 PM   #2 (permalink)
Untangle Ninja
 
Join Date: Apr 2008
Location: Phoenix, AZ
URLs submitted: 7
Posts: 9,951
sky-knight is on a distinguished road

Yes you can configure the SSH service to do this all you want.

You can also be lazy and do what I do... openvpn and SSH over the tunnel.
__________________
Intouch Technology
Rob Sandling, BS:SWE, MCP
Office: 480-272-9889
rob@intouchtechllc.com
sky-knight is online now  
Old 07-06-2009, 04:17 AM   #3 (permalink)
Untangler
 
Join Date: Mar 2008
Location: Waterloo, Canada
Posts: 50
greavette is on a distinguished road

Thanks sky-knight for your help! I do have OpenVPN set up for my network, but I like to have options when it comes to the tools that allow me to administer our network's resources (Hamachi, OpenVPN, SSH).

So, for your networks...do you create a new user for terminal access, or do you continue to use the root user but from only within your network?

Thanks!
greavette is offline  
Tags
ssh, useradd
