How to prevent SSH remote root login
Securing the System: Don't allow root to log in remotely. Instead,
the admin can log in under another account and then run "su -".
Root can still log in from the local terminal.
In the "/etc/ssh/sshd_config" file, change the following lines:
Protocol 2
PermitRootLogin no
PermitEmptyPasswords no
Then, restart ssh
/etc/init.d/sshd restart
Why would you want to do this? Nobody can guess, or keep trying,
the root account remotely. This is especially good for computers
on the Internet. Even if the "root" password is known, an attacker can't
get access to the system remotely, only from the terminal, which is locked
in your computer room. However, anyone who has an account on the server
can still log in under their own account and then run "su -".
Suppose you only want to allow a limited number of users: "mchirico" and "chumma".
Add the following line to "/etc/ssh/sshd_config". Note that this allows access
for mchirico and chumma, but everyone else is denied.
# Once you add AllowUsers - everyone else is denied.
AllowUsers mchirico chumma
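The settings above only take effect if they are the values sshd actually reads: sshd keeps the first value it sees for a keyword, so a leftover "PermitRootLogin yes" higher up in the file silently beats the "no" added below it. The following audit of the global section is an added example, not part of the original post; the sample config, the "backup" user and the function names are constructed for illustration, and Include files and quoted arguments are not handled.

```python
# Constructed sample: a leftover "PermitRootLogin yes" sits above the intended
# "no". sshd keeps the first value it reads for a keyword, so "yes" wins.
SAMPLE_CONFIG = """\
Protocol 2
PermitRootLogin yes
permitemptypasswords no
PermitRootLogin no
AllowUsers mchirico chumma
Match User backup
    PermitRootLogin no
"""
WANTED = {"permitrootlogin": "no", "permitemptypasswords": "no"}


def effective_globals(text):
    """Return (first value per keyword, AllowUsers names) for the global section."""
    values, allow_users = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        # Keyword and arguments are separated by whitespace or a single "=".
        parts = line.replace("=", " ", 1).split()
        if not parts or line.startswith("#"):
            continue
        keyword, args = parts[0].lower(), parts[1:]  # keywords are case-insensitive
        if keyword == "match":
            break  # settings after Match are conditional, not global
        if keyword == "allowusers":
            allow_users.extend(args)  # AllowUsers lines accumulate
        elif args:
            values.setdefault(keyword, args[0])  # first occurrence wins
    return values, allow_users


def audit(text, expected_users):
    """Return findings; an empty list means the file matches the article."""
    values, allow_users = effective_globals(text)
    findings = []
    for keyword, wanted in WANTED.items():
        got = values.get(keyword)
        if got is None:
            findings.append(f"{keyword}: not set, compiled-in default applies")
        elif got.lower() != wanted:
            findings.append(f"{keyword}: effective value is {got!r}, want {wanted!r}")
    if set(allow_users) != set(expected_users):
        findings.append(f"allowusers: {sorted(allow_users)} != {sorted(expected_users)}")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, ["mchirico", "chumma"]))
```

On a host with OpenSSH installed, "sshd -t" checks the file for syntax errors before the restart, and "sshd -T" prints the effective settings.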