Ahh ok, I misunderstood the without-password to mean they can login without a password. Guess that makes more sense. I can't imagine a situation except for possibly embedded and not connected to the internet that you would want root to login without a password.
On Mon, Feb 3, 2014 at 11:48 AM, Lonnie Olson <li...@kittypee.com> wrote: > On Sun, Feb 2, 2014 at 4:55 PM, S. Dale Morrey <sdalemor...@gmail.com> > wrote: > > Has anyone here managed to completely eliminate a root password once it's > > set? > > I setup a server to be certificate auth for SSH. But I seem to still be > > able to SSH in with a password too. > > /etc/ssh/sshd_config > PermitRootLogin no # root cannot login at all > or > PermitRootLogin without-password # root can only login via SSH keys > > Or go a step further and lock the user root completely and rely on > sudo for privilege escalation. > usermod -L root > > --lonnie > > /* > PLUG: http://plug.org, #utah on irc.freenode.net > Unsubscribe: http://plug.org/mailman/options/plug > Don't fear the penguin. > */ > /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */