Tuesday 25 March 2014

Restrict Root Access to server



Adding a user that will get root privileges through sudo
sudo useradd -m testuser
sudo passwd testuser
sudo usermod -s /bin/bash testuser

Restart ssh
/etc/init.d/ssh restart

Check: testuser can log in over ssh but cannot get root access yet, because there is no sudoers entry for it.
Open the sudoers file (visudo does the same but validates the syntax before saving, which protects against locking yourself out with a typo):
vim /etc/sudoers

Add the following line below the root line in the file:
testuser ALL=(ALL:ALL) ALL
write and quit (:wq)

Restart the ssh service again
/etc/init.d/ssh restart

Check again for root access: testuser can now use sudo.

Changing the ssh port. Edit the sshd_config file:
vim /etc/ssh/sshd_config
Port 22
change it to the desired port (220 is used in the check below)

:wq

service ssh restart

Check again with new port

ssh -p 220 testuser@SERVER_IP

Successfully logged in.

Restricting the root user from direct login. Keep your current session open and confirm testuser can log in and sudo before doing this, otherwise you can lock yourself out.
Edit sshd_config and add

PermitRootLogin no

and comment out PermitRootLogin yes

service ssh restart



Now adding sftp users

Create a backup of sshd_config
Create the new users with home directories
Create their passwords
Add them to the group


FreeRadius PAP Authentication Issue: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Using Post-Auth-Type Reject ().[pap] Passwords don't match

If you are seeing this in the radius log:

WARNING: Unprintable characters in the password.  Double-check the shared secret on the server and the NAS! Using Post-Auth-Type Reject ([pap] Passwords don't match).

 [pap] login attempt with password "5?q¦¦?!##+Y?E¦¦"
[pap] Using clear text password "mypassword"

Nothing else will work until this warning is gone. To troubleshoot it, use the following:

1) Match your shared secret as described in the warning (the NAS shared secret and the shared secret configured on the other service, the VPN in my case).

2) If the secrets are the same and FreeRadius still does NOT authenticate, change the secret to a simple one such as "mysecret". The cause may be a shared secret that is too long, or a data type conversion mismatch between your RADIUS server and the service's shared secret.

NOTE: You have to change the shared secret in three locations.

1) Radcheck database table in Radius Server
2) /etc/raddb/clients.conf (In case of CentOS)
3) /etc/openvpn/radiusplugin.cnf

This will solve your issue. For more background, see "Defining Shared Secret" in the official RADIUS server documentation (link).
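Why a wrong shared secret shows up as unprintable characters in the log, as an added example that is not from the original post or from FreeRADIUS itself: it implements the RFC 2865 User-Password hiding that a NAS applies to a PAP password, and shows that the server unhides it with whatever secret it has configured, so any mismatch yields garbage rather than a clean "wrong password". The authenticator value and the password "mypassword" are constructed sample values.

```python
import hashlib

BLOCK = 16  # RFC 2865 processes the User-Password attribute in 16-byte blocks


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_user_password(password: str, shared_secret: str, authenticator: bytes) -> bytes:
    """Hide a PAP password the way the NAS does (RFC 2865 section 5.2).

    The password is NUL-padded to a multiple of 16 bytes; each block is XORed with
    MD5(secret + previous block), the first block using the 16-byte Request Authenticator.
    """
    if len(authenticator) != BLOCK:
        raise ValueError("Request Authenticator must be 16 bytes")
    pw = password.encode("utf-8")
    if not 1 <= len(pw) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    pw += b"\x00" * (-len(pw) % BLOCK)
    secret = shared_secret.encode("utf-8")
    out, prev = b"", authenticator
    for i in range(0, len(pw), BLOCK):
        c = _xor(pw[i:i + BLOCK], hashlib.md5(secret + prev).digest())
        out, prev = out + c, c
    return out


def decrypt_user_password(hidden: bytes, shared_secret: str, authenticator: bytes) -> bytes:
    """Recover the password as the RADIUS server does, using the secret *it* has configured."""
    secret = shared_secret.encode("utf-8")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), BLOCK):
        c = hidden[i:i + BLOCK]
        out += _xor(c, hashlib.md5(secret + prev).digest())
        prev = c
    return out.rstrip(b"\x00")


def has_unprintable(decrypted: bytes) -> bool:
    """True when the result is the kind of garbage the FreeRADIUS warning complains about."""
    return any(b < 0x20 or b > 0x7e for b in decrypted)


def simulate(nas_secret: str, server_secret: str, password: str = "mypassword") -> tuple:
    """One Access-Request: NAS hides with nas_secret, server unhides with server_secret."""
    authenticator = bytes(range(BLOCK))  # constructed fixed value; a real NAS sends 16 random bytes
    hidden = encrypt_user_password(password, nas_secret, authenticator)
    plain = decrypt_user_password(hidden, server_secret, authenticator)
    return plain, has_unprintable(plain)


if __name__ == "__main__":
    print(simulate("mysecret", "mysecret"))   # secrets match: (b'mypassword', False)
    print(simulate("mysecret", "mysecret "))  # one trailing space: garbage, True
```

Any difference at all, including trailing whitespace or a copy-paste encoding difference, changes the MD5 keystream and produces the warning, which is why the post's advice to set an identical simple secret in every location resolves it.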