Disable Direct Root Login and User Access via SSH to Server

Everybody knows, including hackers and attackers that all Linux and UNIX flavored systems come with a all powerful root user account, which once get compromised, mean all hell breaks loose. So it’s a good security practice to disable the ability for root user to able to login and gain access to the server system via SSH directly (of course, the system must have disabled FTP access). After disabling direct root SSH remote login, the chance for the brute force hacking to success is greatly reduced.

To turn off and disable direct root SSH login, follow this simple tutorial:

IMPORTANT: Make sure you have another account (preferably belongs to wheel user group too) which is able to login via SSH remotely, and able to SU to root user account. Else you risk been locked out from your server.

  1. SSH into server and login as root.
  2. In command shell, use pico or vi to edit sshd_config file by typing one of the following commands:

    pico /etc/ssh/sshd_config
    vi /etc/ssh/sshd_config

  3. Scroll down the SSH server configuration file and locate a line like below:

    #PermitRootLogin yes

  4. Uncomment the line by removing the hash symbol (#), and then change the “yes” to “no”. The final line should look like below:

    PermitRootLogin no

  5. Save the config file. In pico, press Ctrl-o, follow by Ctrl-x. In vi, type :wq and press Enter.
  6. Restart SSH server by typing the following command in command line, and press Enter:

    /etc/rc.d/init.d/sshd restart

  7. Logout from SSH connection. Try to login as root, it should fail with Access denied error. To access root account, login with your own user name and password, and then SU to root.

This entry was posted on Sunday, August 12th, 2007 at 3:34 am and is filed under Webmaster Resources. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Subscribe to comments feature has been disabled. To receive notification of latest comments posted, subscribe to My Digital Life Comments RSS feed or register to receive new comments in daily email digest.
« Apple iPhone Root Password and Mobile User Password
Display and Show foobar2000 Volume Bar and Volume Control »

New Articles

Incoming Search Terms for the Article

linux disable root remote login - ssh root access denied - disable root remote login - disable remote root login - enable remote root - freebsd root ssh - +freebsd +disable +root +login - disable root on freebsd - disable remote root ssh - ssh root login disable Solaris - linux disable root login - Solaris restrict direct user login - accessing ROOT login - ssh virtualbox "access denied" - disable root access via ssh - disable remote login in linux - enable root remote access linux - linux disable remote root login - solaris disable remote root access ssh - ssh access hide login - freebsd disable root - ssh access denied iphone - disable remote root - disable direct root login - ssh access denied - disable ssh on root access - how to disable direct root login - AIX disable root direct login - how to disable remote login for root in AIX - disable remote connection - unix disable direct login - disable user logins ssh - how to Disable root login on ssh server in linux - how to disable ssh iphone 2009 - remotely logging into freebsd root - ssh root locked out what do - ssh root locked out - su access denied debian ssh - unix:logout main root user - disallow remote ssh login - remove root login ssh - configure openbsd www authoring not root - disable remote root ssh login - disable ssh server - disable ssh server iphone - disable sshd server iphone - how to create root user in freebsd - how to login linux server without having root - linux disable ssh login for user - Menonaktifkan ssh di freebsd -