PDA

View Full Version : sshd_config won't keep settings

mgideon
12th May 2006, 19:22
I've tried editing sshd_config and tried with webmin, but shortly after I make a change so root can ssh in, my file reverts back to
PermitRootLogin without-password


This is Mandrake 10.1. I checked to see if Tripwire or some other service was running but I didn't see anything obvious. Is there something Mandrake has turned on so files revert?

Thanks,
Mike
falko
12th May 2006, 22:18
Can you try to edit that file directly on the commandline, e.g. with vi?

Which security level did you choose during Mandriva installation? If you choose high or paranoid, then Mandriva keeps track of changes to important files and reverts them back to their previous state... :(
mgideon
13th May 2006, 00:42
I did use command line and vi to edit the file. I may have picked paraniod or medium. Is there a way to change it to low?

Mike
mgideon
13th May 2006, 01:08
I think you hit it. I found this.

http://www.linode.com/wiki/index.php/Msec_Howto

stating
0 1 2 3 4 5
root umask 022 022 022 022 022 077
user umask 022 022 022 022 077 077
shell timeout 0 0 0 0 3600 900
deny services none none none none local all
su only for wheel grp no no no no no yes
shell history size default default default default 10 10
direct root login yes yes yes yes no no
remote root login yes yes yes yes no no
sulogin for single user no no no no yes yes
user list in [kg]dm yes yes yes yes no no
promisc check no no no no yes yes
ignore icmp echo no no no no yes yes
ignore broadcasted icmp echo no no no no yes yes
ignore bogus error responses no no no no yes yes
enable libsafe no no no no yes yes
allow reboot by user yes yes yes yes no no
allow crontab/at yes yes yes yes no no
password aging no no no no 60 30
allow autologin yes yes yes no no no
console log no no no yes yes yes
issues yes yes yes local local no
ip spoofing protection no no no yes yes yes
dns spoofing protection no no no yes yes yes
log stange ip packets no no no yes yes yes
periodic security check no yes yes yes yes yes
allow X connections yes local local no no no
allow xauth from root yes yes yes yes no no
X server listen to tcp tcp tcp tcp local local
run msec by cron yes yes yes yes yes yes
"." in $PATH yes yes no no no no
So I am setting msec to 3 and seeing if that will work.

Mike