Linux help please!

**deKoy** · 02-24-2008, 06:57 PM

I did this step in a security tutorial for CentOS 5:

Originally Posted by 1esproc

[*] Reconfigure OpenSSH
Open /etc/ssh/sshd_config with vi and find the line with Port (enter /Port in command mode to search.) Change it to a number above 1024, I personally go with a 5-digit number no greater than 30000. Make sure you update your profile in your client to use the new port in future connections. While in sshd_config you should make some other changes, so edit or verify that the following settings match these values:

Protocol 2
MaxAuthTries 4
PermitRootLogin no
PermitEmptyPasswords no
ClientAliveInterval 600
Banner /etc/ssh/banner

I exited the session and I can't log in to root now =( I wasn't done! How can I fix this? I made a different username and password that works but it has restricted access.

**dythim** · 02-24-2008, 07:06 PM

There are a few things you can do:

1) As the different user, sudo su - to root
2) As the different user, su root
3) Reboot the machine and enter run level 1 (you will have to modify the boot parameters in grub)

Hope this helps

**deKoy** · 02-24-2008, 07:24 PM

So like " sudo vi /etc/ssh/sshd_config"? I get "dekoy is not in the sudoers file. This incident will be reported."

**dythim** · 02-24-2008, 07:28 PM

That means you didn't setup sudoers for the user "dekoy". You may want to try to "su root". Otherwise, you may need to have someone reboot the box and go into run level 1.

In /etc/ssh/sshd_config:
PermitRootLogin no

That is a security option that should be set once you setup your user account with the correct sudo privileges.

In the future, you should just leave a root shell open if you're applying any changes that could lock you out.

**naq** · 02-24-2008, 07:30 PM

You shouldn't have used this line:

PermitRootLogin no

While logged in as the other user, type "su" to change to root, edit the sshd_config again, change the above line to yes, then restart it:

/etc/init.d/sshd restart

**deKoy** · 02-24-2008, 07:31 PM

When I type su, it askes me for a password, I enter in the one for the username I created but it says incorrect password.

**dythim** · 02-24-2008, 07:34 PM

You can do step 3 if you have access to the remote console or a KVM switch.

**fisherman** · 02-24-2008, 07:35 PM

Hopefully some of the linux guru's can help you out on this, but if your running linux on a server the best thing to do would be to request a re-install to save all the time messing about.

I had a problem similar to this before and I "wasted" hours trying to sort it out and in the end I went for the re-install.

When you get a new server the best security precaution is to right away update the kernel by typing >> yum update kernel, then change the password your provider gave u buy typing passwd and creat some crazy password with lots of @%^:? ect.... and following instructions.

Sorry can't be more help to you and good luck