Enter your email address:

Delivered by FeedBurner

Disable ssh root direct login

Submitted by ggarron on Mon, 03/19/2007 - 04:53.
StumbleUpon Toolbar

For security reasons it is not a good idea to permit ssh root direct login, it is better to login as another user, and then switch to root using the 'su -' comand, to do this, you need to disable root from login directly using ssh protocol, this will decrease the possibility of a hacker breaking your linux box, as now he will have to guess your user name and your password

Ok, let's go and see to make this.

Edit the file /etc/ssh/sshd_config

vi /etc/ssh/sshd_config

(you can use your favorite text editor)

I strongly recommend you to open two logins if doing this from a remote connection, and never close one of them, in case you need to roll back the configuration

locate this line with, writing this onces editing with vi or vim

:/Protocol
if it says

Protocol 2, 1

change it to:

Protocol 2

This will enable only ssh2 which is more secure that ssh, do not do this if you need to log with a client that only support ssh, and not ssh2 protocol.

Next locate this line "PermitRootLogin yes" by entering this on your vi or vim editor

:/PermitRootLogin yes

and change it to this:

PermitRootLogin no

and save the file, with this:

shift+zz

now restart the ssh service.
If Fedora or CentOS
/etc/init.d/sshd restart

If Debian or Ubuntu
/etc/init.d/ssh restart

Test that you can login and gain root access with 'su -' (without quotes), before, you left your root remote connection

Related Links
http://linux.go2linux.org/node/6
http://linux.go2linux.org/taxonomy/term/3

Bookmark/Search this post with:
  • Delicious
  • Digg
  • Reddit
  • Magnoliacom
  • Newsvine
  • Furl
  • Google
  • Yahoo
  • Technorati

Trackback URL for this post:

http://www.go2linux.org/trackback/42
StumbleUpon Toolbar

 If you like this article, subscribe to our full rss

If this article was somehow useful for you, you can leave something in the tip's jar

Please post your question in our forum and use comments only to leave your comments about the article, thanks.

Actually, I believe the vi

Submitted by Daniel Yoder (not verified) on Wed, 06/13/2007 - 16:36.

Actually, I believe the vi command to save a file is Shift + ZZ (not Ctrl + zz, as the article states).

Thanks.

You are 100% right, the

Submitted by ggarron on Wed, 06/13/2007 - 20:38.

You are 100% right, the article was corrected.
thanks.

Guillermo Garron

My guess is that you really

Submitted by Remon Lapid (not verified) on Fri, 10/19/2007 - 15:21.

My guess is that you really meant to say "I heartily recommend you open two....", which reverses the meaning of the sentence.

Thanks, you are right,

Submitted by ggarron on Fri, 10/19/2007 - 22:33.

Thanks, you are right, English is not my native tongue so, please forgive me for my bad English, I try to do my best, and really appreciate your help with it.

Guillermo Garron

This is a great article, it

Submitted by julyus (not verified) on Wed, 10/24/2007 - 21:16.

This is a great article, it helped me a lot. I'm a noob in linux :) THX

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options

Captcha
This question is for testing whether you are a human visitor and to prevent automated spam submissions.

This site is proudly hosted at Bluefur Hosting