sshd_config won't keep settings

Discussion in 'Installation/Configuration' started by mgideon, May 12, 2006.

  1. mgideon

    mgideon New Member

    I've tried editing sshd_config and tried with webmin, but shortly after I make a change so root can ssh in, my file reverts back to
    PermitRootLogin without-password


    This is Mandrake 10.1. I checked to see if Tripwire or some other service was running but I didn't see anything obvious. Is there something Mandrake has turned on so files revert?

    Thanks,
    Mike
     
  2. falko

    falko Super Moderator ISPConfig Developer

    Can you try to edit that file directly on the commandline, e.g. with vi?

    Which security level did you choose during Mandriva installation? If you choose high or paranoid, then Mandriva keeps track of changes to important files and reverts them back to their previous state... :(
     
  3. mgideon

    mgideon New Member

    reverting files

    I did use command line and vi to edit the file. I may have picked paraniod or medium. Is there a way to change it to low?

    Mike
     
  4. mgideon

    mgideon New Member

    reverting files

    I think you hit it. I found this.

    http://www.linode.com/wiki/index.php/Msec_Howto

    stating
    0 1 2 3 4 5
    root umask 022 022 022 022 022 077
    user umask 022 022 022 022 077 077
    shell timeout 0 0 0 0 3600 900
    deny services none none none none local all
    su only for wheel grp no no no no no yes
    shell history size default default default default 10 10
    direct root login yes yes yes yes no no
    remote root login yes yes yes yes no no
    sulogin for single user no no no no yes yes
    user list in [kg]dm yes yes yes yes no no
    promisc check no no no no yes yes
    ignore icmp echo no no no no yes yes
    ignore broadcasted icmp echo no no no no yes yes
    ignore bogus error responses no no no no yes yes
    enable libsafe no no no no yes yes
    allow reboot by user yes yes yes yes no no
    allow crontab/at yes yes yes yes no no
    password aging no no no no 60 30
    allow autologin yes yes yes no no no
    console log no no no yes yes yes
    issues yes yes yes local local no
    ip spoofing protection no no no yes yes yes
    dns spoofing protection no no no yes yes yes
    log stange ip packets no no no yes yes yes
    periodic security check no yes yes yes yes yes
    allow X connections yes local local no no no
    allow xauth from root yes yes yes yes no no
    X server listen to tcp tcp tcp tcp local local
    run msec by cron yes yes yes yes yes yes
    "." in $PATH yes yes no no no no
    So I am setting msec to 3 and seeing if that will work.

    Mike
     

Share This Page