Thursday, December 19, 2013

Root User SSH PermitRootLogin is Disabled > Any Impact On the Cluster During Recovery

As per the customer's request, we disabled root ssh login on the cluster nodes and the install server. Linux users other than 'root' can ssh to the nodes, and can change to 'root' with the 'su' command.

I am just wondering if there is any impact to the system (OS level & applications) when root ssh login is disabled.
For example, during cluster recovery, the two nodes need to sync with each other in some phases... Once root ssh login is disabled, is there any problem synchronizing with each other?

To disable root ssh login:
# vi /etc/ssh/sshd_config
:
;
PermitRootLogin no
;
After changes, run '/etc/init.d/sshd restart'

 
I think the way Oracle gets around this is to have a set of commands
enabled with sudo with the NOPASSWD option, so the ssh connection happens
as the oracle user, i.e.: ssh -t oracle@node2 "sudo /path/to/command option1 option 2"

sudo also gives you some ability to track who is giving root-level commands,
whereas once everyone does su - to root you lose some of that ability.
 
 
There will not be any impact if you set permitrootlogin no ... in the
cluster.

But make sure you have passwordless authentication between the two servers.
 
It depends on your organization's security policies.

I work at a large company, and policy requires root access only from the
physical console or iLO.

PCI compliance also restricts direct root logins as well.
 
You cannot execute " ssh root@hostname " to the system where the
specified parameter is set to no.
You need to log in as an ordinary user and use sudo or other elevation
software to become root.
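
A way to confirm the change took effect, as an added example that is not part of the original thread: sshd uses the first value it reads for a keyword, and a later Match block can still set a different PermitRootLogin for some connections, so this check looks at both. The function names and the sample file are constructed for illustration, and Include directives are not followed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: Include directives are ignored.

# Print the global PermitRootLogin value (first occurrence wins), or "unset".
root_login_global() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }         # skip comments and blank lines
        { line = $0; sub(/^[ \t]+/, "", line)
          split(line, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }                    # global section ends at first Match
        key == "permitrootlogin" { print tolower(f[2]); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Print "Match <criteria> => <value>" for every Match block that sets the keyword.
root_login_match_overrides() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        { line = $0; sub(/^[ \t]+/, "", line)
          split(line, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { crit = line; sub(/^[^ \t]+[ \t]+/, "", crit); next }
        crit != "" && key == "permitrootlogin" { print "Match " crit " => " tolower(f[2]) }
    ' "$1"
}

# Exit 0 only if the global value is "no" and no Match block sets anything else.
root_login_disabled() {
    [ "$(root_login_global "$1")" = "no" ] || return 1
    if root_login_match_overrides "$1" | grep -qv ' => no$'; then return 1; fi
    return 0
}

# Constructed sample: mixed-case keyword, an ignored duplicate, and a Match override.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample sshd_config
Port 22
permitrootlogin no
PermitRootLogin yes
Match Address 192.0.2.10
    PermitRootLogin without-password
EOF
}

cfg=$(mktemp); write_sample "$cfg"
echo "global: $(root_login_global "$cfg")"
root_login_match_overrides "$cfg"
if root_login_disabled "$cfg"; then echo "root login disabled"; else echo "root login still possible"; fi
rm -f "$cfg"
```

On a live node, point the functions at /etc/ssh/sshd_config after the restart; a result of "unset" means the compiled-in default applies, which differs between OpenSSH versions.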
