Hi! Probably newbi question but as selftaught Linux user this is something I cant find an answer for. I have 2 linux servers in the cloud, both webservers. I use webmin as CP. I use the built in backup function and backup each server to the other every night.
But I want to disable the root user but when I try to login with another user it does not work. I backup over SSH
If this make sense can someone explain how I can get the server to accept the backup when the login user is not root
Try adding another user in Webmin settings and adjust admin privileges… maybe!
Did not help. I have no problem to login to server 2 from server 1 using the terminal in the respective server CP. And the reverse also work without problem
CP, as in, control panel, not cPanel, right? Depending on what you are scp’ing / rsync’ing, then you will need to use root, or tar locally and then transfer to the other side, if you’re trying to keep the permissions the same.
What’s the error you’re getting? There should be something on the screen, like an output or something. Otherwise, if webmin has a log for the backup function, check it (never used webmin).
I use webmin so CP is webmin. I get permission denied so you can be right. Can I perhaps setup a keypair between the servers?
Makes sense really. You wouldn’t want some wombat in a legacy SUDO Group with access to that much distructive power.
For what it’s worth, I have noticed I can’t reboot my server from the Webmin CLI via SSH without being root.
Watching with interest…
A short note off topic. I have realized that if I want to reboot the server I need to disable ufw first. If it is enabled the server never come online again. Then I must VNC to the server disable ufw and it comes online directly. Dionmt know if it is a bug
No, UFW will block the SSH IP address unless it’s listed in the UFW config. file.
Actually, Jay has a good video on exactly this subject and shows the correct config. settings.
Ok, then I will find that video. The problem is that I dont have a fixed IP at home
Neither do I. I use a 5G hotspot router and my ISP won’t issue one, which creates a problem.
One solution is to use a VPN and pay for a Static IP, but it’s super expensive.
The only other option I have to self-hosting a server with fixed, public facing, IP address is fibre, and even then its an extra monthly fee.
Maybe someone can suggest an alternative, but DHCP is my only affordable option where WAN is concerned.
UFW config. file’s for LAN IP networks are much simpler of course.
I will have to talk to the provider, a local guy. He has to give me a static IP once again. I had one for years, but then started to use keypairs for ssh so thought I had no use of it anymore. Its always a security risk to always have the same ip at home but I can handle that.
Lucky you. Much easier to cater for fixed IP security than find a DHCP work-around.
That option there is setting the PermitRootLogin option in sshd_config. Default is key-only (prohibit-password option), yes means password authentication is allowed (yes), no is no root login permitted (no) and “only for commands” is allowing root with a password or key for specified commands only (forced-commands-only option), like zfs-receive for example.
The problem here is that the user is unable to log in. I suspect the backup tool might be asking for a password and the user can’t insert it. So OP might need to add a user SSH key to ~/.ssh/authorized_keys. At least that’s my guess.
Yeah, I figured there’d be a twist to it… cheers.
I created a keypair on each server and fixed it that way. Even more secure, now I can disable root login and password
Thanks all
