1

I am trying to prevent remote access for my laptop.

I went into sshd_config to try and set it up. My IT guy recommended the following changes to accomplish this:

PermitRootLogin no
PubkeyAuthentication no
PasswordAuthentication no

However, when I went to make the changes the line of code says:

#PermitRootLogin prohibit

This seems like a double negative. so yes means prohibit and no means don't prohibit. Can anyone confirm?

totalynotanoob
  • 508
Jay Boyle
  • 21
  • What do you mean ? With the "when I went to make the changes the line of code says: #PermitRootLogin prohibit " – William Martens Oct 08 '20 at 16:59
  • 1
    When I go into the the config file the line of code says:

    #LoginGraceTime 2m #PermitRootLogin prohibit-no #StrictModes yes #MaxAuthTries 6 #MaxSessions 10

     – Jay Boyle Oct 08 '20 at 17:11
  • Please clarify your release(s). Ubuntu uses yy releases only for specialist snap based releases for IoT appliances/devices or cloud based VMs (having done so since 2016). Main releases use yy.mm such as used by server & desktops releases. There is no Ubuntu 18, the closest being Ubuntu Core 18 – guiverc Oct 08 '20 at 21:27

1 Answers1

0

From: How do I disable remote SSH login as root from a server?

Put the following line to /etc/ssh/sshd_config:

PermitRootLogin no

Afterwards; restart the service

sudo service ssh restart

EDIT: If you never going to use ssh what so ever, (like, never going to) why not disable it completely?

sudo service ssh stop.

If you have it running.

Disable it too (If you never going to use it)

sudo systemctl disable ssh
William Martens
  • 1,003
  • 1
    So you are saying I should delete "prohibit" from the line?
    that is change "#PermitRootLogin prohibit-no" to "#PermitRootLogin -no"     – Jay Boyle Oct 08 '20 at 17:24
  • Yes. It's kind of confusing I have to admit, but yes. – William Martens Oct 08 '20 at 17:26
  • @JayBoyle I edited my answer, probably better now. In case you never going to use ssh, you can disable it. – William Martens Oct 08 '20 at 17:31
  • Very strange after I made your original suggested change and rebooted the system it did not recognize the wireless adapter. i.e. I lost my internet connection – Jay Boyle Oct 08 '20 at 17:43
  • What do you mean? Can you please provide log/screenshot, this seems very strange indeed.. – William Martens Oct 08 '20 at 17:46
  • I just went back into the config file an reversed that. so now I am back on line.

    I will try to disable the ssh now instead.

     – Jay Boyle Oct 08 '20 at 17:49
  • @JayBoyle Oh- It was kind of confusing I thought you first had disabled ssh, or something else, anyway hope it gets solved, //Regards. – William Martens Oct 08 '20 at 17:50
  • Lines starting with a # sign are comments - the values shown there in the original config file just indicate the compiled-in defaults. AFAIK prohibit-no is not a valid value for the PermitRootLogin parameter (but it doesn't matter - since the line is commented out) and was probably created by someone editing the file previously. – steeldriver Oct 08 '20 at 19:28
  • Yeah; I assume @JayBoyle removed the # before saving the file, and tried it (hopefully) – William Martens Oct 08 '20 at 19:30
  • 1
    OK just to circle back with @WilliamMartens
    1. I disable SSH per your instructions.

    $ sudo systemctl disable ssh And the final line on my terminal says "Removed /etc/systemd/system/sshd.service."

    Then when I run a rkhunter the program says that ssh root access is still allowed. How can that be?

     – Jay Boyle Oct 08 '20 at 21:19
  • @JayBoyle Oh, I have no idea, hope someone with expertise in this subject comes along and can explain; Sorry & Hope it gets solved, :/ //Best wishes – William Martens Oct 09 '20 at 07:54