Disabling SSH Login for root user

Disabling SSH Login for root user

Below are instructions for disabling the root user and allowing another user to assume the root users permissions. This adds another layer of security because an additional username and password must now be entered before gaining the root user privileges.

Before you disable root logins you should add an administrative user that can ssh into the server and become root with su.

In the following example we are using buddy for the username, but can be replaced with any username you wish to use.

root@dell:~# useradd buddy
root@dell:~# id buddy
uid=1005(buddy) gid=1007(buddy) groups=1007(buddy)

Set the password for the buddy user. When prompted type and then retype the password.

root@dell:~# passwd buddy
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

SSH to the server with the new admin user and ensure that the login works.
Verify that you can su (switch user) to root with the admin user.

buddy@dell:/$ su
Password:
root@dell:/# whoami
root

Edit /etc/ssh/sshd_config with your favorite text editor.

#vi /etc/ssh/sshd_config

Change this line:

#PermitRootLogin yes

to this:

PermitRootLogin no

Ensure that you are logged into the box with another shell before restarting sshd to avoid locking yourself out of the server.

# /etc/init.d/sshd restart

Tags: , , , ,

Trackback URI | Comments RSS

Leave a Reply

You must be logged in to post a comment.