Monday, February 21, 2011

Disable ssh root direct login

For security reasons it is not a good idea to allow direct root login over ssh. It is better to log in as another user and then switch to root using the "su" command.

To do this you need to prevent root from logging in directly over the ssh protocol. This will decrease the possibility of a hacker breaking into your system, as now he will have to guess your user name and password.

1. Edit the file /etc/ssh/sshd_config

vi /etc/ssh/sshd_config

2. Locate the Protocol line by typing this while editing with vi or vim

:/Protocol

3. If it says

Protocol 2,1

change it to

Protocol 2

*This will enable only ssh2, which is more secure than ssh. Do not do this if you need to log in with a client that only supports ssh and not the ssh2 protocol.

4. Next, locate the line "PermitRootLogin yes" by entering this in your vi or vim editor

:/PermitRootLogin yes

and change it to no

PermitRootLogin no

5. Then save the file by pressing Shift+Z twice (ZZ)

6. Now restart the ssh service.

/etc/init.d/sshd restart
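
A way to check the result of the steps above, as an added example that is not part of the original post (the function names and the sample configs are made up for illustration). It reads the file the way sshd does, where keywords are case-insensitive and the first occurrence of a keyword wins, and reports whether root login or protocol 1 is still enabled.

```shell
#!/bin/sh
# effective_value FILE KEYWORD: print the value sshd would use from the
# global section. Keywords are case-insensitive and the first occurrence
# wins, so a "PermitRootLogin no" below an earlier "yes" has no effect.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/         { next }   # skip comments and blank lines
        tolower($1) == "match" { exit }   # Match blocks are out of scope here
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# audit_config FILE: return 0 only when root login is off and SSH
# protocol 1 is not enabled; print one line per finding.
audit_config() {
    rc=0
    root=$(effective_value "$1" PermitRootLogin)
    proto=$(effective_value "$1" Protocol)
    # Assumption: an unset PermitRootLogin counts as a finding, because
    # the built-in default differs between OpenSSH versions.
    if [ "$root" != "no" ]; then
        echo "FAIL PermitRootLogin is '${root:-unset}', expected 'no'"
        rc=1
    fi
    case "$proto" in
        *1*) echo "FAIL Protocol is '$proto', expected '2'"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "OK $1"; fi
    return "$rc"
}

# Constructed sample configs, written to a temp dir so this runs offline.
demo_dir=$(mktemp -d)
printf 'Protocol 2,1\nPermitRootLogin yes\nPermitRootLogin no\n' > "$demo_dir/weak"
printf '#PermitRootLogin yes\nprotocol 2\npermitrootlogin no\n' > "$demo_dir/hardened"
audit_config "$demo_dir/weak" || true      # two FAIL lines
audit_config "$demo_dir/hardened" || true  # OK
rm -rf "$demo_dir"
```

On a real system, call audit_config /etc/ssh/sshd_config after editing. Running "sshd -t" before the restart also checks the file for syntax errors, so a typo does not leave you without SSH access.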
