How To Disable Direct Root Login
Category: Dedicated Web Hosting
Author: Hostsdepot
Date: 2008/2/11
Keywords: root su login ssh2
Why would you want to disable root login?
Well.. you're not.. You are disabling "direct" root login.
This will force a hacker to have to guess 2 seperate passwords to gain root access.. (you do have 2 seperate passwords for admin and root right?)
After you do this, you will have to login as 'admin' then you will 'su -' to get to root.. We also will be forcing the use of SSH protocol 2, which is a newer, more secure SSH protocol
Just a couple more ways to help your server stay safe from the bad guys.
If you're using cPanel make sure you add your admin user to the 'wheel' group so that you will be able to 'su -' to root, otherwise you may lock yourself out of root
1) SSH into your server as 'admin' and gain root access by
su -
2) Copy and paste this line to edit the file
pico -w /etc/ssh/sshd_config
3) Find the line
#Protocol 2, 1
4) Uncomment it and change it to look like
Protocol 2
5) Next, find the line
#PermitRootLogin yes
6)Uncomment it and make it look like
PermitRootLogin no
7) Save the file
ctrl 'x' then 'y' then enter
Restart SSH
/etc/rc.d/init.d/sshd restart
Now, no one will be able to login to root with out first loggin in as admin and 'su -' to root, and you will be forcing the use of a more secure protocol
Why would you want to disable root login?
Well.. you're not.. You are disabling "direct" root login.
This will force a hacker to have to guess 2 seperate passwords to gain root access.. (you do have 2 seperate passwords for admin and root right?)
After you do this, you will have to login as 'admin' then you will 'su -' to get to root.. We also will be forcing the use of SSH protocol 2, which is a newer, more secure SSH protocol
Just a couple more ways to help your server stay safe from the bad guys.
If you're using cPanel make sure you add your admin user to the 'wheel' group so that you will be able to 'su -' to root, otherwise you may lock yourself out of root
1) SSH into your server as 'admin' and gain root access by
su -
2) Copy and paste this line to edit the file
pico -w /etc/ssh/sshd_config
3) Find the line
#Protocol 2, 1
4) Uncomment it and change it to look like
Protocol 2
5) Next, find the line
#PermitRootLogin yes
6)Uncomment it and make it look like
PermitRootLogin no
7) Save the file
ctrl 'x' then 'y' then enter
Restart SSH
/etc/rc.d/init.d/sshd restart
Now, no one will be able to login to root with out first loggin in as admin and 'su -' to root, and you will be forcing the use of a more secure protocol
Hosting Article V1
URL: http://www.hostsdepot.com/modules/article/view.article.php/c8/18