

How does the Ubuntu cloud version enforce "no root login" over ssh?


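Problem description

I want to adjust the Ubuntu cloud version's default setup, in which root login is denied.

Trying to connect to such a machine yields: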

maxim@maxim-desktop:~/workspace/integration/deployengine$ ssh root@ec2-204-236-252-95.compute-1.amazonaws.com
The authenticity of host 'ec2-204-236-252-95.compute-1.amazonaws.com (204.236.252.95)' can't be established.
RSA key fingerprint is 3f:96:f4:b3:b9:4b:4f:21:5f:00:38:2a:bb:41:19:1a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ec2-204-236-252-95.compute-1.amazonaws.com' (RSA) to the list of known hosts.
Please login as the ubuntu user rather than root user.

Connection to ec2-204-236-252-95.compute-1.amazonaws.com closed.

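I would like to know in which configuration file the blocking of root over ssh is configured, and how I can change the printed message?

Best approach

This is an old question, but nobody really answered you, and I had the same question: where does this configuration come from?

It comes from cloudinit, precisely from cc_ssh.py in /usr/lib/python2.7/dist-packages/cloudinit/config

This in turn depends directly on the file /etc/cloud/cloud.cfg. There you will find the line disable_root: true.

You should be able to override it by adjusting user-data and adding the line disable_root: false. Your cloud provider should make user-data configurable.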

Second-best approach

Assuming your sshd configuration has PermitRootLogin yes:

sudo grep "login as the ubuntu user" /root/.??*

However, the link provided by Mike Scott is one I strongly suggest you read carefully and heed.

ROOT SSH

Finally, if you wish to circumvent the Ubuntu security standard and revert to the old practice of allowing ssh and rsync as root, this command will open it up for a new instance of the official Ubuntu images:

ssh -i KEYPAIR.pem ubuntu@HOSTNAME 'sudo cp /home/ubuntu/.ssh/authorized_keys /root/.ssh/'

This is not recommended, but it may be a way to get existing EC2 automation code to continue working until you can upgrade to the sudo practices described above.

I would disable root SSH login, because any public-facing server with SSH enabled gets hammered day and night by root login attempts from criminal botnets.

Other documentation warns

Enabling the Root account is rarely necessary. Almost everything you need to do as administrator of an Ubuntu system can be done via sudo or gksudo. If you really need a persistent Root login, the best alternative is to simulate a Root login shell using the following command…

sudo -i

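Third approach

The answer is here: http://alestic.com/2009/04/ubuntu-ec2-sudo-ssh-rsync

Copy the authorized_keys file from the ubuntu account to the root account. Password login is disabled, so you must have a valid ssh key to log in to any account.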
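
An added example (not from the original answers and not cloud-init's own code) tying together the disable_root setting from the first answer and the authorized_keys copy from the later ones: a shell audit that reads the flag and counts root keys that carry no forced command= option. It assumes cloud-init enforces disable_root by prefixing root's key entries with such an option; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not cloud-init code): audit how root SSH login is restricted.

# Print the disable_root value set in a cloud.cfg-style file, or "unset"
# when the key is absent (cloud-init then applies its built-in default).
cloudcfg_disable_root() {
    val=$(sed -n 's/^disable_root:[[:space:]]*\([A-Za-z0-9]*\).*/\1/p' "$1" | tail -n 1)
    echo "${val:-unset}" | tr 'A-Z' 'a-z'
}

# Count entries in an authorized_keys file that have no forced command="..."
# option, i.e. keys that would open a normal shell for that account.
unrestricted_keys() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            opts = " " $0
            # Cut from the key type onward, leaving only the options field.
            sub(/[ \t](ssh-(rsa|dss|ed25519)|ecdsa-sha2-[^ \t]+|sk-[^ \t]+)[ \t].*/, "", opts)
            if (opts !~ /[ ,]command="/) n++
        }
        END { print n + 0 }
    ' "$1"
}

# Combine both checks into a one-line verdict for a host or an image copy.
audit_root_ssh() {
    flag=$(cloudcfg_disable_root "$1")
    open=$(unrestricted_keys "$2")
    if [ "$open" -gt 0 ]; then
        echo "FAIL disable_root=$flag unrestricted_root_keys=$open"
    else
        echo "OK disable_root=$flag unrestricted_root_keys=0"
    fi
}

# Constructed sample input: a cloud.cfg fragment and a root authorized_keys file
# holding one key behind the forced command and one copied in without it.
demo=$(mktemp -d)
printf 'users:\n  - default\ndisable_root: true\n' > "$demo/cloud.cfg"
cat > "$demo/authorized_keys" <<'EOF'
# constructed keys, not real
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the ubuntu user rather than root user.';echo;sleep 10" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed cloud-key
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed copied-from-ubuntu
EOF
audit_root_ssh "$demo/cloud.cfg" "$demo/authorized_keys"
```

On a real host the two arguments would be /etc/cloud/cloud.cfg and /root/.ssh/authorized_keys, read with sudo. The sample prints a FAIL line because the flag is still true while a copied key bypasses the forced command.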

References

This article was compiled by Ubuntu问答 (Ubuntu Q&A). Post URL: https://ubuntuqa.com/article/11492.html. Do not reproduce without permission.