From owner-freebsd-questions@FreeBSD.ORG Tue Nov 23 04:43:17 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 997DE16A4CE for ; Tue, 23 Nov 2004 04:43:17 +0000 (GMT) Received: from outbox.allstream.net (outbox.allstream.net [207.245.244.41]) by mx1.FreeBSD.org (Postfix) with ESMTP id 489E143D46 for ; Tue, 23 Nov 2004 04:43:17 +0000 (GMT) (envelope-from epilogue@allstream.net) Received: from localhost (mon-pq64-016.dial.allstream.net [216.123.138.16]) by outbox.allstream.net (Allstream MTA) with SMTP id 46962EB2CF; Mon, 22 Nov 2004 23:43:15 -0500 (EST) Date: Mon, 22 Nov 2004 23:43:02 -0500 From: epilogue To: Ivan Georgiev Message-ID: <20041122234302.538594d0@localhost> In-Reply-To: <200411222237.19660.georgiev@vt.edu> References: <200411201921.27880.georgiev@vt.edu> <200411220005.33354.georgiev@vt.edu> <20041122220140.1c87273d@localhost> <200411222237.19660.georgiev@vt.edu> X-Mailer: Sylpheed-Claws 0.9.12b (GTK+ 1.2.10; i386-portbld-freebsd5.3) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit cc: freebsd-questions@freebsd.org Subject: Re: NEW: cannot ssh to my computer X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Nov 2004 04:43:17 -0000 On Mon, 22 Nov 2004 22:37:19 -0500 Ivan Georgiev wrote: > > > Just another thing ... > > > > > > If I remove myself from the group wheel then I CAN ssh to my > > > computer; if I put myself back to wheel - then CANNOT ssh to the > > > computer. > > > > > > How can I ssh and be a member of the wheel group? > > > > hello ivan, > > > > it might be worth your while to check /etc/login.access to see if > > you have refused remote logins by wheel. > > > > hth, > > epi > > Thank you so very much Epi !!! > > I guess I have put this > -:wheel:ALL EXCEPT LOCAL > in /etc/login.access but had no recollection of doing it. After > commenting it out the problem is gone. hello again ivan, fwiw, your 'problem' may actually be better than your 'solution'. with all the script kiddies who are running ssh brute force attempts against the root user account (check your logs), it is wise to use 'su' or 'sudo' to elevate your priveleges on that box, rather than logging in as root. naturally, you can harden ssh somewhat and even restrict logins by ip addy in login.access, but if you're not doing that, i humbly suggest that you think twice about enabling root ssh to your box. cheers, epi > Many thanks to all that helped solving my "mysterious"/trivial problem > ! > > Regards, > Ivan > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" >