PermitRootLogin 设置为否,但仍可以在 Centos Stream 9 上使用 root

PermitRootLogin 设置为否,但仍可以在 Centos Stream 9 上使用 root

我正在参加 RHCSA 培训课程,要禁用 root,我需要在 /etc/ssh/sshd_config 文件中将 PermitRootLogin 设置为 no,然后使用 systemctl 重新启动 sshd。我已完成所有操作,仍然可以以 root 身份登录。有人能告诉我该怎么做吗?谢谢。

输出ps

root         836       1  0 14:36 ?        00:00:00 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
root        3929    2956  0 15:03 pts/0    00:00:00 grep --color=auto ssh

内容/etc/ssh/sshd_config

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
#RekeyLimit default none
#SyslogFacility AUTH
#LogLevel INFO
#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
AuthorizedKeysFile  .ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
#HostbasedAuthentication no
#IgnoreUserKnownHosts no
#IgnoreRhosts yes
#PasswordAuthentication yes
#PermitEmptyPasswords no
#KbdInteractiveAuthentication yes
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no
#UsePAM no
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
#Banner none
Subsystem   sftp    /usr/libexec/openssh/sftp-server
#Example of overriding settings on a per-user basis
#Match User anoncvs
#Setting timeout interval
ClientAliveInterval 600
ClientAliveCountMax 0

答案1

检查 /etc/ssh/sshd_config.d/* 中的文件,其中可能有“PermitRootLogin yes”指令

在 CentOS 9 上,我在文件 /etc/ssh/ssh_config.d/50-redhat.conf /etc/ssh/sshd_config.d/01-permitrootlogin.conf 中有“PermitRootLogin yes”

相关内容