Allowing users to ‘su’ to “root” / Allowing ‘root’ to login directly to the system using ‘ssh’

# Tested on RHEL 5, 6 & 7
# Allowing users to “su” to ‘root’
# ——————————————————————————————# On a secured server regular users are not allowed to become ‘root’ by issuing “su” command

/etc/pam.d/su file usually limits users that can become ‘root’ to those belonging to
# ‘wheel’ group
# This way, to allow a user to become ‘root’ it should be added to ‘wheel’ group:

usermod -g wheel <username>

# To allow all users to become super user (root), comment out following line in
# /etc/pam.d/su file (if line is uncommented only ‘wheel’ users will be able to do it):

   auth            required        pam_wheel.so use_uid

# To allow users in ‘wheel’ group to become ‘root’ without providing a password uncomment
# following line in /etc/pam.d/su file

   #auth           sufficient      pam_wheel.so trust use_uid

# State of these two lines can be combined in order to have one or other behaviour
# Allowing ‘root’ to login directly to the system via ssh
# ——————————————————————————————

# Usually, after a fresh installation, ‘root’ is not able to login to the system via “ssh”
# To allow, verify/modify following files as necessary

sshd_config: If existing, change “PermitRootLogin no” to “PermitRootLogin yes”

vi /etc/ssh/sshd_config
[…]
   PermitRootLogin yes
[…]

# This change requires a restart of sshd daemon:

# RHEL 5/6:service sshd restart

# RHEL 7: systemctl restart sshd
access.conf: Change “-: root : ALL” to “+: root : ALL”vi /etc/security/access.conf
[…]
   +: root : ALL
[…]

# Take into account that modifying this options can compromise the security of a system.

ZOSTAW ODPOWIEDŹ

Please enter your comment!
Please enter your name here