|
Log into each server as root. First
add "cpanel and admin" to the wheel group (admin should be your normal
user without root permissions that you first log into the server with,
then su to root; admin should have a completely separate password from
root).
- Edit /etc/group
- Locate wheel
- Add the following after root:
,cpanel,admin
- Save the file
Change the group access to su so that is belongs to the
group wheel
chgrp wheel /bin/su
Change the mode of the file so that root has read, write
and execute, the group wheel has read and execute and everyone else has
now rights
chmod 4750 /bin/su
Edit to su config file => /etc/pam.d/su
uncomment the line beneath
# Uncomment the following line to the user to be in the wheel group
Limiting network access to root
This allows root to log on only at the server console
Edit /etc/securetty
comment out everything except for the lines
Now, edit your SSH configuration file as follows:
- Edit /etc/ssh/sshd_config
- Locate #Protocol 2, 1
- Uncomment it and change it to look like
Protocol 2
- Add the following line:
AllowGroups wheel
- Next, locate #LoginGraceTime
Uncomment it and change the value (it may be 120 or 600) to 20s
- Next, locate #PermitRootLogin yes (it may already be
uncommented)
- Uncomment it and make it look like
PermitRootLogin without-password
- Locate #IgnoreRhosts yes (it
may already be uncommented)
- Uncomment it (remove the #)
- Locate X11Forwarding no
- Uncomment it.
- Locate PermitEmptyPasswords No
- Uncomment it.
- Save the file
Now restart sshd by doing
/etc/rc.d/init.d/sshd restart
|
