Submitted by ggarron on Mon, 03/19/2007 - 00:53
For security reasons it is not a good idea to permit ssh root direct login, it is better to login as another user, and then switch to root using the 'su -' comand, to do this, you need to disable root from login directly using ssh protocol, this will decrease the possibility of a hacker breaking your linux box, as now he will have to guess your user name and your password
Ok, let's go and see to make this.
Edit the file /etc/ssh/sshd_config
vi /etc/ssh/sshd_config
(you can use your favorite text editor)
I strongly recommend you to open two logins if doing this from a remote connection, and never close one of them, in case you need to roll back the configuration
locate this line with, writing this onces editing with vi or vim
:/Protocol if it says Protocol 2, 1
change it to:
Protocol 2
This will enable only ssh2 which is more secure that ssh, do not do this if you need to log with a client that only support ssh, and not ssh2 protocol.
Next locate this line "PermitRootLogin yes" by entering this on your vi or vim editor
:/PermitRootLogin yes
and change it to this:
PermitRootLogin no
and save the file, with this:
shift+zz
now restart the ssh service.
If Fedora or CentOS
/etc/init.d/sshd restart
If Debian or Ubuntu
/etc/init.d/ssh restart
Test that you can login and gain root access with 'su -' (without quotes), before, you left your root remote connection
Related Links
http://www.go2linux.org/denyhosts-secure-your-linux-against-dictionary-a...
http://linux.go2linux.org/taxonomy/term/3
If this was useful for you, please consider making a donation, any amount is welcome, please proceed by clicking on the yellow donate button, thank you in advance.
My guess is that you really meant to say "I heartily recommend you open two....", which reverses the meaning of the sentence.