Root Security

s=/etc/ssh/sshd_config;r=PermitRootLogin;cp $s{,.old}&& if grep $r $s;then sed "s/$r yes/$r no/" $s.old > $s; else echo $r no >> $s;fi
This will tighten up security for your box. The default value for PermitRootLogin sadly is 'yes'.

By: kzh
2011-01-30 23:41:59

What Others Think

sed -i.old 's/PermitRootLogin.*yes/PermitRootLogin no/' /etc/ssh/sshd_config && /etc/init.d/ssh reload
forcefsck · 424 weeks and 6 days ago
Yours will not add 'PermitRootLogin no' if the key does not exist at all in the file, however making the execution of your script a failed exercise. The default value of 'PermitRootLogin' is sadly 'yes'! So, since I have built in this precautionary part, why do I get a downvote without an actual well thought reason why?
kzh · 424 weeks and 5 days ago
you got my upvote--even though I would have done it in Perl. =)
linuxrawkstar · 424 weeks and 4 days ago
@linuxrawkstar, you should post your perl one-liner.
kzh · 424 weeks and 4 days ago
@kzh, I didn't vote you down, I didn't vote at all. What I posted was just an instantaneous "or something like this". Actually your script doesn't have anything special worth voting for. It doesn't change the security level (no ssh reload), it's hardly a one-liner (some independent commands in the same line) and it doesn't take care of all the cases, like when PermitRootLogin is commented out. Sorry if I sound critical.
forcefsck · 424 weeks and 3 days ago
Sorry, I did not direct that at you, just to whomever. You're right about the comments, though... on both of ours. I am sure somebody could do this with one `ed` script. I would like to see that.
kzh · 424 weeks and 3 days ago
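
The cases raised in this thread (key absent, key commented out, a value other than 'yes') handled in one pass, as an added example that is not code from any of the posters. It goes further than the thread by also covering Match blocks, since a directive appended after a Match line only applies inside that block; the function name harden_root_login is hypothetical.

```shell
#!/bin/sh
# Added example: force "PermitRootLogin no" in an sshd_config-style file.
# Usage: harden_root_login /path/to/sshd_config   (function name is hypothetical)
harden_root_login() {
    cfg=$1
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    tmp=$(mktemp) || return 1
    cp -p "$cfg" "$cfg.old" || { rm -f "$tmp"; return 1; }  # same .old backup as the post
    awk '
        function key(   k) {           # first word, lower-cased; "key=value" form tolerated
            k = tolower($1); sub(/=.*/, "", k); return k
        }
        key() == "match" && !done {    # global section ends at the first Match block
            print "PermitRootLogin no"; done = 1
        }
        key() == "match" { in_match = 1 }
        key() == "permitrootlogin" {
            if (in_match) {            # keep the line in its block, force the value
                ind = $0; sub(/[^ \t].*/, "", ind)
                print ind "PermitRootLogin no"
            } else if (!done) {        # first active global line: rewrite any value
                print "PermitRootLogin no"; done = 1
            }                          # later global duplicates are dropped
            next
        }
        { print }                      # comments and other directives pass through
        END { if (!done) print "PermitRootLogin no" }  # key absent and no Match block
    ' "$cfg.old" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$cfg" && rm -f "$tmp"   # overwrite in place to keep owner and mode
}
```

Check the result with sshd -t -f /etc/ssh/sshd_config before reloading the daemon, and restore the .old copy if the check fails.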
