{"id":1410,"date":"2019-03-25T07:48:08","date_gmt":"2019-03-25T02:18:08","guid":{"rendered":"http:\/\/jaipurhosting.com\/blog\/?p=1410"},"modified":"2019-03-25T07:56:16","modified_gmt":"2019-03-25T02:26:16","slug":"how-to-disable-ssh-root-login-in-linux","status":"publish","type":"post","link":"https:\/\/www.jaipurhosting.com\/blog\/how-to-disable-ssh-root-login-in-linux\/","title":{"rendered":"How to disable SSH Root login in Linux"},"content":{"rendered":"\n
\n\n\n\n

Description <\/strong><\/p>\n\n\n\n

The root<\/strong> account is often the most targeted account by crackers via SSH<\/strong> under Linux. <\/p>\n\n\n\n

An enabled SSH root account on a Linux server exposed to a network or, worse, exposed in Internet can pose a high degree of security concern by system administrators.<\/p>\n\n\n\n

The SSH root account should be disabled in all cases in Linux in order to harden your server security. <\/p>\n\n\n\n

You should login via SSH on a remote server only with a normal user account and, then, change privileges to root account via sudo or su command. <\/p>\n\n\n\n

Before you disable root logins you should add an administrative user that can ssh into the server and become root with su. <\/p>\n\n\n\n

We can see the sample example in below<\/em><\/p>\n\n\n\n

  1. Add the user. In the following example, we will use the user name admin<\/strong>. The command adduser will automatically create the user, initial group, and home directory. <\/li><\/ol>\n\n\n\n
    [root@root ~]# adduser admin\n[root@root ~]# id admin\nuid=10018(admin) gid=10018(admin) groups=10018(admin)\n[root@root ~]# ls -lad \/home\/admin\/\ndrwx------ 2 admin admin 4096 Mar 25 16:01 \/home\/admin\/<\/code><\/pre>\n\n\n\n
    2<\/strong>.  Set the password for the admin user. When prompted, type and then retype the password.  <\/p>\n\n\n\n
    [root@root ~]# passwd admin\nChanging password for user admin.\nNew UNIX password:\nRetype new UNIX password:\npasswd: all authentication tokens updated successfully.\n[root@root ~]#<\/code><\/pre>\n\n\n\n
    3<\/strong>. For sudo permissions for your new admin user, use the following command <\/p>\n\n\n\n
    [root@root ~]# echo 'admin ALL=(ALL) ALL' >> \/etc\/sudoers<\/code><\/pre>\n\n\n\n
    4<\/strong>. SSH to the server with the new admin <\/strong>user and ensure that the login works.  <\/p>\n\n\n\n
    [root@root ~]# ssh admin@my.ip.or.hostname\nadmin@my.ip.or.hostname's password:\n[admin@admin ~]$<\/code><\/pre>\n\n\n\n
    5<\/strong>. Verify that you can su (switch user) to root with the admin <\/strong>user.   <\/p>\n\n\n\n
    [admin@admin ~]$ su -\nPassword:\n[root@root ~]$ whoami\nroot<\/code><\/pre>\n\n\n\n
    6<\/strong>. To disable root SSH login, edit \/etc\/ssh\/sshd_config with your favorite text editor.  <\/p>\n\n\n\n
    [root@root ~]# vi \/etc\/ssh\/sshd_config<\/code><\/pre>\n\n\n\n
    Change this line:<\/p>\n\n\n\n
    #PermitRootLogin yes<\/code>
    <\/p>\n\n\n\n
     Edit to this: <\/p>\n\n\n\n
    PermitRootLogin no<\/code><\/pre>\n\n\n\n
    7<\/strong>. Ensure that you are logged into the box with another shell before restarting sshd to avoid locking yourself out of the server.  <\/p>\n\n\n\n
    [root@root ~]# \/etc\/init.d\/sshd restart\nStopping sshd: [ OK ]\nStarting sshd: [ OK ]\n[root@root ~]#<\/code><\/pre>\n\n\n\n
    You will now be able to connect to your server via ssh with the admin user and then use the command su to switch to the root user. <\/p>\n\n\n\n
     We hope you\u2019ve found this useful!  <\/p>\n","protected":false},"excerpt":{"rendered":"
    Description The root account is often the most targeted account by crackers via SSH under Linux. An enabled SSH root account on a Linux server exposed to a network or, worse, exposed in Internet can pose a high degree of security concern by system administrators. The SSH root account should be disabled in all cases in Linux in order […]<\/p>\n","protected":false},"author":1,"featured_media":1411,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-1410","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.jaipurhosting.com\/blog\/wp-json\/wp\/v2\/posts\/1410","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jaipurhosting.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jaipurhosting.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jaipurhosting.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jaipurhosting.com\/blog\/wp-json\/wp\/v2\/comments?post=1410"}],"version-history":[{"count":2,"href":"https:\/\/www.jaipurhosting.com\/blog\/wp-json\/wp\/v2\/posts\/1410\/revisions"}],"predecessor-version":[{"id":1413,"href":"https:\/\/www.jaipurhosting.com\/blog\/wp-json\/wp\/v2\/posts\/1410\/revisions\/1413"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.jaipurhosting.com\/blog\/wp-json\/wp\/v2\/media\/1411"}],"wp:attachment":[{"href":"https:\/\/www.jaipurhosting.com\/blog\/wp-json\/wp\/v2\/media?parent=1410"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jaipurhosting.com\/blog\/wp-json\/wp\/v2\/categories?post=1410"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jaipurhosting.com\/blog\/wp-json\/wp\/v2\/tags?post=1410"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}