Disabling Root User Login

Another security measure you can take to lock down a Linux server is to disable the root user login in the SSH server.

Note that there are two config files in the /etc/ssh/ directory, ssh_conf and sshd_conf. ssh_conf pertains to outboundSSH sessions (example: you are already connected to your server and you SSH into another server) while sshd_conf controls how inbound SSH sessions are handled by the server itself.

Step 1: Modifying The sshd_conf File


Remember, backing up any important system file before you modify it is always a good idea!

cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup


When connected to the server as root use your favorite text editor to open the sshd configuration file (/etc/ssh/sshd_config). For this tutorial we will use vim.

With the file open, find the line labeled PermitRootLogin. It will most likely be commented out using the # symbol. Example:

sshd default PermitRootLogin setting


We will need to remove the # symbol to make the line active, and then change “yes” to “no”.

Example of the end result:

sshd PermitRootLogin No


Step 2: Creating A New User

While we have disabled directly using SSH to log in to the server as root, this of course does not mean that you want to disable root-level functions entirely. This step will show you how to create a new user just for SSH purposes, and how to allow that user to switch to root once they are logged in.


If you already have a user account on the server that you would like to use for this purpose you can skip ahead to the instructions for adding a user to the wheel group.


Adding the User


We will use the commands adduser and passwd to create a new user account and assign it a password. You are welcome to name this new account anything you want, but for this example we will call it lwsupport.


When you run the passwd command with the user name it will ask you to type in the new password twice for verification.


Example:

Creating A New User


Adding the User to the Wheel Group


Important note: Be sure to back up the group file before making changes!


Open the /etc/group file in your favorite editor. Find the line called “Wheel” and add your new user account to the existing line (be sure to follow the existing format of other lines, and add a comma where necessary).


Example:

Adding Wheel Group User


Save your changes and close the file.

Now we will need to restart SSH to apply the new settings with the following command:

/etc/init.d/sshd restart


Root logins are now disabled in the SSH server.

Logout of your root SSH session to the server and login as your new user instead. Once you are logged in as the new user simply run the command su - and you will prompted for the server’s root password. Be sure to use a – after the su command so that your path settings to various programs are correct.


Step 3: Updating Your Server Information in Manage


Now that your server no longer allows the root user to log in over SSH our support staff will need to know the new login details. If we do not have the new login details on file our monitoring team will not be able to proactively fix problems on your server.

  • 54 Users Found This Useful
Was this answer helpful?

Related Articles

How To Install Cassandra on CentOS 7

Step 1: Install Java First, you’ll follow a simple best practice: ensuring the list of available...

Information on CVE-2015-0235 (GHOST) Vulnerability for Red Hat and CentOS

A vulnerability found in the glibc library, specifically a flaw affecting the gethostbyname() and...

How To Install Varnish 4 on CentOS 7

Varnish is a proxy and cache, or HTTP accelerator, designed to improve performance for busy,...

How to Install the MongoDB PHP Driver (Extension) on CentOS 6

Step 1: Setup Environment, Install PHP Extension & Application Repository (PEAR) As a matter...

How to Add a User and Grant Root Privileges on Fedora 20

Step 1: Add the User It’s just one simple command to add a user. In this case, we’re adding a...

Powered by WHMCompleteSolution