In the "/etc/ssh/sshd_config" file change the following lines:
Protocol 2
PermitRootLogin no
PermitEmptyPasswords no
Then, restart ssh: /etc/init.d/sshd restart
Why would you want to do this? It's not possible for anyone to guess or keep trying the root account. This is especially good for computers on the Internet. So, even if the "root" passwords is known, they can't get access to the system remotely. Only from the terminal, which is locked in your computer room. However, if anyone has a account on the server, then, they can login under their account then "su -".
Suppose you only want a limited number of users: "user1" and "user2". Add the following line to "/etc/ssh/sshd_config". Note, this allows access for chirico and donkey, but everyone else is denied.
# Once you add AllowUsers - everyone else is denied.
AllowUsers user1 user2
0 comments:
Post a Comment