NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
SSH: Deactivate root account and use a "non-root" one?
Hi all, this is my first post, but I follw this very useful forum since I got my readynas, one year ago. I usually like to play with ssh protocol to gain acces to my home readynas Duo from my workpl...
I would proceed in this way:
1. Open a ssh session with the root account
2. Give user User1 the rights to open an ssh session
- edit the file /etc/passwd.
- the first row should start with root:... and end with :/bin/bash. Leave as it is for the moment
- look at the row starting with an account you have created with frontview (e.g. User1). The row should end with :/bin/false. Replace /false by /bash and save the file. The account user1 has now the permission to open a ssh session.
3. Give user User1 the rights to execute the command "sudo"
- adduser user1 sudo (this will make user1 member of the group sudo)
- edit the file /etc/sudoers and add the line:
%sudo ALL= NOPASSWD : ALL
- safe the file. User1 has now the rights to launch the command "sudo" from the ssh session
4. Test the ssh connection opened by User1.
- open a new ssh session with User1 and User1 password. You should get the $ prompt.
5. Test sudo
- in the session opened by User1 type the command
sudo bash
- You should get the prompt #. You are now logged as root. That is what you wanted to achieve!
6. Remove root's permission to open an ssh session.
- edit the /etc/passwd file and replace /bash by /false at the end of the row starting with root:. Save the file. Root should no longer have the ability to open a ssh session.
That is it !
Make sure to made backup copies of your /etc/passwd and /etc/sudoers files before doing all this. Just in case ...
5;
1. Open a ssh session with the root account
2. Give user User1 the rights to open an ssh session
- edit the file /etc/passwd.
- the first row should start with root:... and end with :/bin/bash. Leave as it is for the moment
- look at the row starting with an account you have created with frontview (e.g. User1). The row should end with :/bin/false. Replace /false by /bash and save the file. The account user1 has now the permission to open a ssh session.
3. Give user User1 the rights to execute the command "sudo"
- adduser user1 sudo (this will make user1 member of the group sudo)
- edit the file /etc/sudoers and add the line:
%sudo ALL= NOPASSWD : ALL
- safe the file. User1 has now the rights to launch the command "sudo" from the ssh session
4. Test the ssh connection opened by User1.
- open a new ssh session with User1 and User1 password. You should get the $ prompt.
5. Test sudo
- in the session opened by User1 type the command
sudo bash
- You should get the prompt #. You are now logged as root. That is what you wanted to achieve!
6. Remove root's permission to open an ssh session.
- edit the /etc/passwd file and replace /bash by /false at the end of the row starting with root:. Save the file. Root should no longer have the ability to open a ssh session.
That is it !
Make sure to made backup copies of your /etc/passwd and /etc/sudoers files before doing all this. Just in case ...
5;
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
