
How to disable SSH Root login in Linux
Description
The root account is often the account attackers target most over SSH on Linux.
An enabled SSH root account on a Linux server exposed to a network or, worse, to the Internet is a serious security concern for system administrators.
To harden your server, disable SSH root login in all cases.
Log in to a remote server over SSH only with a normal user account, and then switch to root privileges with the sudo or su command.
Before you disable root logins, add an administrative user that can SSH into the server and become root with su.
The steps below walk through an example.
1. Add the user. In the following example, we will use the user name admin. The command adduser will automatically create the user, initial group, and home directory.
[root@root ~]# adduser admin
[root@root ~]# id admin
uid=10018(admin) gid=10018(admin) groups=10018(admin)
[root@root ~]# ls -lad /home/admin/
drwx------ 2 admin admin 4096 Mar 25 16:01 /home/admin/
2. Set the password for the admin user. When prompted, type and then retype the password.
[root@root ~]# passwd admin
Changing password for user admin.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@root ~]#
3. To grant sudo permissions to your new admin user, use the following command:
[root@root ~]# echo 'admin ALL=(ALL) ALL' >> /etc/sudoers
4. SSH to the server with the new admin user and ensure that the login works.
[root@root ~]# ssh admin@my.ip.or.hostname
admin@my.ip.or.hostname's password:
[admin@admin ~]$
5. Verify that you can su (switch user) to root with the admin user.
[admin@admin ~]$ su -
Password:
[root@root ~]# whoami
root
6. To disable root SSH login, edit /etc/ssh/sshd_config with your favorite text editor.
[root@root ~]# vi /etc/ssh/sshd_config
Change this line:
#PermitRootLogin yes
To this (with the leading # removed):
PermitRootLogin no
7. Ensure that you are logged into the box with another shell before restarting sshd to avoid locking yourself out of the server.
[root@root ~]# /etc/init.d/sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
[root@root ~]#
You will now be able to connect to your server via ssh with the admin user and then use the command su to switch to the root user.
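The edit in step 6 only takes effect if the leading # is removed, and sshd uses the first value it reads for a keyword. The following shell check is an added example, not part of the original article: it reports the global PermitRootLogin value of a config file, run here against constructed sample files. The function names are hypothetical, and it assumes whitespace-separated keyword and value.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# sshd_config rules relied on: lines starting with '#' are comments, keywords
# are case-insensitive, and the first value read for a keyword is the one used.
# Limits: Include directives are not followed; Match blocks are not evaluated.

# Print the global PermitRootLogin value from config file $1, or "unset".
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ { next }                 # comment: has no effect
        { key = tolower($1) }
        key == "match" { exit }             # global section ends here
        key == "permitrootlogin" { print $2; found = 1; exit }
        END { if (!found) print "unset" }   # compiled-in default applies
    ' "$1"
}

# Succeed only when root login is explicitly set to "no".
root_login_disabled() {
    [ "$(effective_permit_root_login "$1")" = "no" ]
}

# Constructed sample configs: states the file can be in after step 6.
demo_dir=$(mktemp -d)
printf '%s\n' 'Port 22' '#PermitRootLogin yes' > "$demo_dir/untouched"
printf '%s\n' 'Port 22' '#PermitRootLogin no'  > "$demo_dir/still_commented"
printf '%s\n' 'Port 22' 'PermitRootLogin no'   > "$demo_dir/fixed"
printf '%s\n' 'PermitRootLogin yes' 'permitrootlogin no' > "$demo_dir/duplicate"

for f in untouched still_commented fixed duplicate; do
    value=$(effective_permit_root_login "$demo_dir/$f")
    if root_login_disabled "$demo_dir/$f"; then
        verdict="root login disabled"
    else
        verdict="root login NOT disabled"
    fi
    printf '%-16s %-6s %s\n' "$f" "$value" "$verdict"
done
rm -rf "$demo_dir"
```

On the server itself, `sshd -t` checks the configuration file for errors before the restart in step 7, and `sshd -T` prints the effective configuration.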
We hope you’ve found this useful!