Linux – How to allow ssh to root user only from the local network

centos6linuxssh

I've installed Google-Authenticator on a CentOS 6.5 machine and configured certain users to provide OTP.

While editing /etc/ssh/sshd_config I saw a directive "PermitRootLogin" which is commented out by default.

I would like to set "PermitRootLogin no" but to still be able to ssh to the machine as root only from the local network.

Is that possible?

Best Answer

Use the Match config parameter in /etc/ssh/sshd_config:

# general config
PermitRootLogin no 

# the following overrides the general config when conditions are met. 
Match Address  192.168.0.*
    PermitRootLogin yes

See man sshd_config

Related Solutions

SSH – Accessing SSH_AUTH_SOCK from Another Non-Root User

There are two things you need to do:

set the SSH_AUTH_SOCK variable so it points to the correct file
allow the other user to connect to the socket (using file system permissions)

Therefore, what you could do is:

As user1, allow user2 to connect to the socket (full access to the socket and permissions to enter the directory). I hope your /tmp allows ACLs.

setfacl -m u:user2:rw $SSH_AUTH_SOCK
setfacl -m u:user2:x $(dirname $SSH_AUTH_SOCK)

Change to the other user, and export the variable correctly.

sudo -u user2 env SSH_AUTH_SOCK=$SSH_AUTH_SOCK ssh user3@machine2

If you want to open an interactive shell using sudo, you would have to export the SSH_AUTH_SOCK variable yourself after you get the shell.

Linux – Setup public key authorized SSH for non-root users

Remove the authorized_keys entry in your config file. Restart sshd. Make a .ssh directory in your non-root user home directory. Put the key in a file called ~/.ssh/authorized keys. Make the directory 0700 and the authorized_keys file 0644. Do the same for the root user.

Best Answer

Related Solutions

SSH – Accessing SSH_AUTH_SOCK from Another Non-Root User

Linux – Setup public key authorized SSH for non-root users

Related Topic