Stop root Login via SSH Immediately!
Published November 25th, 2008
Problem Statement
If you are still allowing root login via SSH, you love living on the edge, don’t ya? I didn’t think so. Here in this short article you will find out how to disable root login and still gain root access in a manner that is safer than direct root login via SSH.
Disabling root user login via SSH
Edit the /etc/ssh/sshd_config file and check whether the PermitRootLogin directive is set to yes. Change this directive to:
PermitRootLogin no
Save the changes and restart the SSH daemon using service sshd restart. Now try to log in to your SSH server from a remote system using the root account. For example:
$ ssh -l root your.server -p [ssh port]
If you are not able to log in as root, great! Use a standard user account to SSH to your server and then use su - to switch to the root user. Using su is much better than logging in directly as root because:
- Bad guys cannot keep on trying to guess your root password
- The root account should be used only occasionally. Switching from a regular user to root makes more sense because your normal privileges are limited, so there is less damage if someone guesses your password.
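The edit above only takes effect if the PermitRootLogin no line is the one sshd actually uses. The following script is an added example, not part of the original article: it checks an sshd_config-style file for an earlier PermitRootLogin line that wins over yours and for Match blocks that re-enable root login. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: static check of PermitRootLogin in an sshd_config-style file.
# Assumption: Include directives are not followed.

# Global value: sshd uses the FIRST value it reads for a keyword, so a
# later "PermitRootLogin no" cannot override an earlier "yes".
global_permit_root_login() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }                 # drop leading whitespace
        /^#/ || /^$/ { next }                  # skip comments and blanks
        tolower($1) == "match" { exit }        # global section ends here
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }      # unset = compiled-in default
    ' "$1"
}

# Lines inside Match blocks override the global value for matching connections.
match_overrides() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { cond = $0; next }
        cond != "" && tolower($1) == "permitrootlogin" { print cond " -> " tolower($2) }
    ' "$1"
}

# Exit status 0 only if root login is "no" globally and in every Match block.
root_login_disabled() {
    [ "$(global_permit_root_login "$1")" = "no" ] || return 1
    if match_overrides "$1" | grep -qv -e '-> no$'; then return 1; fi
    return 0
}

# Constructed sample: the commented line and the late "no" are both ignored.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin no
Port 22
permitrootlogin yes
PermitRootLogin no
Match Address 10.0.0.0/8
    PermitRootLogin prohibit-password
EOF
echo "global: $(global_permit_root_login "$sample")"
match_overrides "$sample"
root_login_disabled "$sample" && echo "OK" || echo "root login still possible"
rm -f "$sample"
```

On the server itself, sshd -t validates the file before the restart, and sshd -T prints the values the daemon resolves.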