
How to deny root ssh login

Don't allow root to log in remotely. Instead, the admin can log in as another account and then run "su -". Root can still log in from the local terminal.

In the "/etc/ssh/sshd_config" file, change the following lines:

        Protocol 2
        PermitRootLogin no
        PermitEmptyPasswords no

Then, restart ssh: /etc/init.d/sshd restart

Why would you want to do this? Nobody can guess, or keep trying, the root account's password over SSH. This is especially good for computers on the Internet. Even if the "root" password is known, it can't be used to get access to the system remotely, only from the terminal, which is locked in your computer room. However, anyone who has an account on the server can log in under their own account and then "su -".

Suppose you only want a limited number of users, "user1" and "user2", to have access. Add the following line to "/etc/ssh/sshd_config". Note that this allows access for user1 and user2, but everyone else is denied.

         #  Once you add AllowUsers - everyone else is denied.
         AllowUsers user1 user2
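
An added example (not from the original post) that audits an sshd_config for the three settings above. It accounts for a detail that is easy to miss: sshd uses the first value it finds for each keyword, so appending "PermitRootLogin no" below an existing "PermitRootLogin yes" changes nothing. The function names and the sample file are made up for this illustration.

```shell
#!/bin/sh
# Print the effective global value of keyword $2 in config file $1.
# Keywords are case-insensitive; the FIRST occurrence wins in sshd.
# Parsing stops at the first Match block (conditional overrides).
# Simplification (assumption): Include directives are not followed.
effective_value() {
    awk -v want="$2" '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # trim the line
        /^#/ || /^$/ { next }                          # skip comments/blanks
        { key = tolower($1) }
        key == "match" { exit }
        key == tolower(want) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit   # print arguments only
        }
    ' "$1"
}

# Report on the settings from this post; non-zero if root or
# empty-password logins are not explicitly disabled.
audit_sshd_config() {
    cfg=$1 rc=0
    for kw in PermitRootLogin PermitEmptyPasswords; do
        val=$(effective_value "$cfg" "$kw")
        if [ "$val" = "no" ]; then
            echo "OK    $kw no"
        else
            echo "FAIL  $kw is '${val:-unset}', expected 'no'"
            rc=1
        fi
    done
    users=$(effective_value "$cfg" AllowUsers)
    echo "INFO  AllowUsers: ${users:-unset (no user allow-list)}"
    return $rc
}

# Constructed sample: the second PermitRootLogin line is ignored by sshd,
# so this audit reports FAIL for PermitRootLogin.
sample=$(mktemp)
printf '%s\n' 'Protocol 2' 'permitrootlogin yes' 'PermitRootLogin no' \
    'PermitEmptyPasswords no' 'AllowUsers user1 user2' > "$sample"
audit_sshd_config "$sample" || echo "config needs fixing"
rm -f "$sample"
```

On a live host, "sshd -t" checks the file for syntax errors before you restart, and "sshd -T" prints the configuration sshd will actually use.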

