Hi,

I've configured my sshd_config with the following information and restarted on a debain 7 install:

Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 1m
PermitRootLogin without-password
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM no
AllowUsers root testing
ClientAliveInterval 600
ClientAliveCountMax 0

However, it seems I am still able to login as root with a password when I am using the lish ajax web panel. In theory my settings should have stopped that, so what do I need to do it make it so that only my "testing" user can login with a password and root must use a SSH key?

Any help would be appreciated.

James

Hi James,

When you login via LISH, you are logging into the 'console' of your Linode.

Your SSH configuration has no involvement there.

If, for some reason you really want to disable root login via the console (and I'm not sure it's recommended), you could modify /etc/securetty.

Hope that helps!

[edited for readability, twice - sigh].