Disable Direct Root Login and User Access via SSH to Server

Everybody knows, including hackers and attackers that all Linux and UNIX flavored systems come with a all powerful root user account, which once get compromised, mean all hell breaks loose. So it’s a good security practice to disable the ability for root user to able to login and gain access to the server system via SSH directly (of course, the system must have disabled FTP access). After disabling direct root SSH remote login, the chance for the brute force hacking to success is greatly reduced.

To turn off and disable direct root SSH login, follow this simple tutorial:

IMPORTANT: Make sure you have another account (preferably belongs to wheel user group too) which is able to login via SSH remotely, and able to SU to root user account. Else you risk been locked out from your server.

  1. SSH into server and login as root.
  2. In command shell, use pico or vi to edit sshd_config file by typing one of the following commands:

    pico /etc/ssh/sshd_config
    vi /etc/ssh/sshd_config

  3. Scroll down the SSH server configuration file and locate a line like below:

    #PermitRootLogin yes

  4. Uncomment the line by removing the hash symbol (#), and then change the “yes” to “no”. The final line should look like below:

    PermitRootLogin no

  5. Save the config file. In pico, press Ctrl-o, follow by Ctrl-x. In vi, type :wq and press Enter.
  6. Restart SSH server by typing the following command in command line, and press Enter:

    /etc/rc.d/init.d/sshd restart

  7. Logout from SSH connection. Try to login as root, it should fail with Access denied error. To access root account, login with your own user name and password, and then SU to root.

Share and contribute or get technical support and help at My Digital Life Forums.



This entry was posted on Sunday, August 12th, 2007 at 3:34 am and is filed under Webmaster Resources. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Subscribe without commenting

« Apple iPhone Root Password and Mobile User Password
Display and Show foobar2000 Volume Bar and Volume Control »

Custom Search

New Articles

Incoming Search Terms for the Article

ssh root access denied - disable direct root ssh - freebsd disable root - disable root user - cpanel ssh disable - freebsd stop user ssh login - how to disable root in bsd - linux disable root remote login - turning off remote root access linux - freebsd root ssh - ssh root login in cpanel - linux disable remote login - turn off ssh root - alert on root login - disable remote root - disabled root from ssh - disable login for user - disable ssh login for a user - DMX-NV1 ssh - enable root login, linux - enable ssh access root freebsd - freebsd allow root ssh - how to disable remote root login linux - linux disable user root - mysql 6.0 root remote login - root access ssh - ssh config disable direct root login - ssh root access to be remove - ssh Remote login for account disabled - allow root SSH access linux - disable root ssh access - disabling root login access - disable root login remotely - file:/// how to access root - how to enable direct root logins by editing the /etc/ssh/sshd_config - how to disable direct user login via ssh - remote access disabled for root in linux - ssh into iphone access denied - ssh config root login - switch root user on freebsd - turn on root remote login in linux - enable root login ssh freebsd 7 - freebsd ssh root acces - how to get user via ssh - limit ssh access to root user - login to FreeBSD via ssh - remote root login - remove user from ssh login - ssh diable remote logon root - ssh disable user root -