How to disable direct root login.

Allowing the root user to log in directly is a major security issue. Disabling direct root login reduces that risk: reaching root then takes two separate passwords, which makes the box more secure. We also restrict SSH to protocol 2, which is newer and more secure.

01. SSH into your server as 'admin' and gain root access by su

02. Copy and paste this line to edit the file for SSH logins
[root@daddylinux ~]# nano /etc/ssh/sshd_config

03. Find the line
Protocol 2, 1

04. Uncomment it and change it to look like
Protocol 2

05. Next, find the line
PermitRootLogin yes

06. Uncomment it and make it look like
PermitRootLogin no

07. Save the file: Ctrl+o, then Ctrl+x, then Enter

08. Now you can restart SSH
[root@daddylinux ~]# /etc/rc.d/init.d/sshd restart

Now no one will be able to log in as root without first logging in as admin and using 'su -' to become root.

Be sure that you remember both the passwords!
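
A check for the two settings edited above, added here as an example and not part of the original post: it reports the value sshd will actually use, since sshd keeps the first value it reads for a keyword. The function names and the sample file are constructed for illustration; the scan stops at the first Match block and Include files are not followed.

```shell
#!/bin/sh
# Added example (not from the original post): audit the two settings above.

# Print the first uncommented global value of keyword $2 in file $1.
# sshd keeps the first value it reads; keywords are case-insensitive.
# Assumption: scanning stops at the first Match block, Include is ignored.
effective_value() {
    awk -v want="$2" '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        $0 == "" || /^#/ { next }
        {
            key = $0; sub(/[ \t=].*/, "", key)
            val = $0; sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val)
            if (tolower(key) == "match") exit
            if (tolower(key) == tolower(want)) { print tolower(val); exit }
        }
    ' "$1"
}

# Return 0 only if the file sets PermitRootLogin no and Protocol 2.
audit_sshd_config() {
    file=$1; rc=0
    root=$(effective_value "$file" PermitRootLogin)
    proto=$(effective_value "$file" Protocol)
    if [ "$root" = "no" ]; then
        echo "OK   PermitRootLogin no"
    else
        echo "FAIL PermitRootLogin is '${root:-unset}', want 'no'"; rc=1
    fi
    if [ "$proto" = "2" ]; then
        echo "OK   Protocol 2"
    else
        echo "FAIL Protocol is '${proto:-unset}', want '2'"; rc=1
    fi
    return $rc
}

# Constructed sample: a stray earlier line overrides the intended setting.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Protocol 2,1
Protocol 2
#PermitRootLogin yes
permitrootlogin yes
PermitRootLogin no
EOF
audit_sshd_config "$sample" || echo "fix sshd_config before restarting sshd"
rm -f "$sample"
```

Run `sshd -t` for a syntax check before restarting, and keep the current session open until a fresh login as admin followed by 'su -' succeeds.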
