Hi, I'm new to tectia SSH, i would like to know how to configure the ssh-server-config.xml to deny direct root login from a pc with ssh client installed? The server is installed with with ssh tectia server version 6.07. Previously we have openssh and we edit the sshd-config with "PermitRootLogin no" and root was not able to be use as a login id. You can still su to root after you have sucessfully login. In tectia SSH i believe there's a similar setting but i 'm not able to set the correct setting to deny root login.
the following is the entry in the ssh-server-config.xml
Can someone enlighten me with a sample config file with root denied to login?
Switch the authentication rules
The way that selector rules work is that the first one to match will be used. Therefore in your example since the Default-Authentication rule comes first and has no selectors it will match to all users and the second rule will not be processed. If you switch the rules around (so that the denyadmin rule is first) it should work.
This way the first authentication rule will only match privileged users (i.e. root) and deny login, for the rest of the users the first rule will not match and they'll proceed to the second rule which matches for all.
So it would look like this:
answered Nov 01 '10 at 07:08