Disable direct root login via ssh
=========
Please follow the given steps to disable direct root login access to the server via shell prompt.
STEP 1: Create a user and add it to the wheel group.
SSH into your server as root and follow the below commands to create a user.
$ groupadd test
$ useradd test -gtest
$ passwd test
You can create any user instead of "test".
STEP 2: Add user to wheel group.
You can add the user at the end of the 'group' file.
$ grep wheel /etc/group
wheel:x:10:root
Add the user test:
wheel:x:10:root,test
For CPanel Servers, do the following.
1. Log into your WHM and click on "Manage Wheel Group Users".
2. Select the user (Here it is "test") and click ‘Add to group’.
3. Before disable the root access, check if the user can login and su – to gain root privileges.
SSH into your server as 'test'
Login as: test
Password : enteryouruserpasswordhere
su -
password: enter root password here
STEP 3: Disable Direct Root Login
1. Copy and paste this line to edit the file for SSH logins
vi /etc/ssh/sshd_config
2. Find the line
Protocol 2, 1
3. Uncomment it (Remove #) and change it to look like
Protocol 2
4. Next, find the line
PermitRootLogin yes
5. Uncomment it (Remove #) and make it look like PermitRootLogin no
6. Save the file.
Now, no one will be able to login to root with out first logging in as 'test' and 'su -' to root.
=========
Please follow the given steps to disable direct root login access to the server via shell prompt.
STEP 1: Create a user and add it to the wheel group.
SSH into your server as root and follow the below commands to create a user.
$ groupadd test
$ useradd test -gtest
$ passwd test
You can create any user instead of "test".
STEP 2: Add user to wheel group.
You can add the user at the end of the 'group' file.
$ grep wheel /etc/group
wheel:x:10:root
Add the user test:
wheel:x:10:root,test
For CPanel Servers, do the following.
1. Log into your WHM and click on "Manage Wheel Group Users".
2. Select the user (Here it is "test") and click ‘Add to group’.
3. Before disable the root access, check if the user can login and su – to gain root privileges.
SSH into your server as 'test'
Login as: test
Password : enteryouruserpasswordhere
su -
password: enter root password here
STEP 3: Disable Direct Root Login
1. Copy and paste this line to edit the file for SSH logins
vi /etc/ssh/sshd_config
2. Find the line
Protocol 2, 1
3. Uncomment it (Remove #) and change it to look like
Protocol 2
4. Next, find the line
PermitRootLogin yes
5. Uncomment it (Remove #) and make it look like PermitRootLogin no
6. Save the file.
Now, no one will be able to login to root with out first logging in as 'test' and 'su -' to root.
No comments:
Post a Comment
Note: only a member of this blog may post a comment.