Friday 10 August 2012

Disable direct root login via ssh

Disable direct root login via ssh
Please follow the given steps to disable direct root login access to the server via shell prompt.

STEP 1: Create a user and add it to the wheel group.

SSH into your server as root and follow the below commands to create a user.

$ groupadd test
$ useradd test -gtest
$ passwd test

You can create any user instead of "test".

STEP 2: Add user to wheel group.

You can add the user at the end of the 'group' file.

$ grep wheel /etc/group

Add the user test:


For CPanel Servers, do the following.

1. Log into your WHM and click on "Manage Wheel Group Users".

2. Select the user (Here it is "test") and click ‘Add to group’.

3. Before disable the root access, check if the user can login and su – to gain root privileges.

SSH into your server as 'test'

Login as: test

Password : enteryouruserpasswordhere

su -

password: enter root password here

STEP 3: Disable Direct Root Login

1. Copy and paste this line to edit the file for SSH logins

vi /etc/ssh/sshd_config

2. Find the line

Protocol 2, 1

3. Uncomment it (Remove #) and change it to look like

Protocol 2

4. Next, find the line

PermitRootLogin yes

5. Uncomment it (Remove #) and make it look like PermitRootLogin no

6. Save the file.

Now, no one will be able to login to root with out first logging in as 'test' and 'su -' to root.

No comments:

Post a Comment

Note: only a member of this blog may post a comment.