Disable root SSH access

Allowing the root user to login directly is a major security issue, we’ll show you how to disable it so you can still login as root but just not directly, reducing the security issue.

This will force a hacker to have to guess 2 seperate passwords to gain root access.
(you do have 2 seperate passwords for admin and root right?)
What happens is you’ll first need to login as your admin user in SSH, then switch to the super user with the su command to get root.

We also will be forcing the use of SSH protocol 2, which is a newer, more secure SSH protocol
Just a couple more ways to help your server stay safe from the bad guys. If you’re using cPanel make sure you add your admin user to the ‘wheel‘ group so that you will be able to ‘su -‘ to root, otherwise you may lock yourself out of root.

1. SSH into your server as ‘admin‘ and gain root access by su

2. Copy and paste this line to edit the file for SSH logins
pico -w /etc/ssh/sshd_config

3. Find the line
Protocol 2, 1

4. Uncomment it and change it to look like
Protocol 2

5. Next, find the line
PermitRootLogin yes

6. Uncomment it and make it look like PermitRootLogin no

7. Save the file Ctrl+X then Y then enter

8. Now you can restart SSH
/etc/rc.d/init.d/sshd restart

Now, no one will be able to login to root with out first loggin in as admin and ’su -’ to root, and you will be forcing the use of a more secure protocol. Just make sure you remember both passwords!

root, SSH, su

Print article

This entry was posted by Clayton on October 20, 2009 at 10:38 pm, and is filed under Linux, SSH, Tutorial. Follow any responses to this post through RSS 2.0. You can leave a response or trackback from your own site.

Related Posts
Comments (0)

No comments yet.

No trackbacks yet.

Installing RKHunter

about 7 months ago - No comments

Be honest, how much have you considered server security in the past? In this day and age, it’s not something that should be taken lightly. Today I’ll be teaching you how to install RKHunter. RKHunter (ie: Rootkit Hunter) is a nifty little script that runs via cron daily that checks your server for the most

Session.save_path error

about 8 months ago - No comments

So…I came across this error on a clients site which he was receiving when trying to install a 3rd party script. The session.save_path setting in your php configuration file (php.ini) is not set or is set to a folder which did not exist. You might need to set the save_path setting in php.ini or verify

Install fantastico on cPanel

about 8 months ago - 7 comments

A fantastico installation is pretty straight forward. First thing you need to do is obtain a Fantastico license from Netenburg. One of the most common issues when installing fantastico is a buggy wget install on the server, so a working wget version will need to be installed. Another common issue is cPanels internal php may

Exim Error: Ratelimit database not available

about 8 months ago - 8 comments

2009-07-20 21:58:07 Failed to get write lock for /var/spool/exim/db/ratelimit.lockfile: timed out 2008-07-20 21:58:07 H=[xx.xx.xx.xx] temporarily rejected connection in “connect” ACL: ratelimit database not available To fix such an error , the exim cache database on the server side needs to be clear off to stop this message. Run the folllowing command on root : root@lolwut

Creating an extracting tar files

about 8 months ago - 3 comments

The most common compressed archive file format in Linux is the tar.gz format. Tar file is an archive file format. Tar.gz is a compressed tar file. How to create a compressed tar.gz file from a folder or file in Linux? In order to create a compressed tar.gz archive from a folder/file we need to run

pty, ptyp, and tty errors

about 9 months ago - No comments

So I came across this error for the first time today when trying to SSH directly into a clients VPS. login as: root root@server’s password: Server refused to allocate pty stdin: is not a tty After a quick google search I came across the fix. [root@node /]# vzlist -a VEID NPROC STATUS IP_ADDR HOSTNAME 1337

Install Perl

about 9 months ago - No comments

Very simple install, only 4 commands via SSH and takes about 20 minutes for the install to complete. wget http://layer1.cpanel.net/perl588installer.tar.gz tar -xvzf perl588installer.tar.gz cd perl588installer ./install //

Upgrade MySQL4 to MySQL5 on cPanel server

about 9 months ago - 3 comments

Upgrading MySQL versions is a quick and easy process, not much work involved. Always be sure to make a backup before you start though, just in case the upgrade fails or some other unforeseen issue arises. cp -Rpf /var/lib/mysql /var/lib/mysql.BAK Login to WHM –> Tweak Settings –> MySQL -> 5.0 and Save settings /scripts/mysqlup –force

Screen in SSH

about 9 months ago - 1 comment

I’m short on time, but here’s a nice little tutorial on screen in SSH courtesy of Aperiodic.net. Getting in start a new screen session: screen .. with session name: screen -S <name> attach to a running session: screen -r .. to session with name: screen -r <name> the “ultimate attach”: screen -dRR (Attaches to a

Server time keeps resetting

about 9 months ago - No comments

Last night I came across a ticket where a customers time kept resetting on their dedicated server. Typically I would fix the time by using the date command because most of issues I came across the servers were only minutes off. After reading through the clients ticket history I realized that the timezone and minutes

Disable root SSH access

No comments yet.

No trackbacks yet.

Installing RKHunter

Session.save_path error

Install fantastico on cPanel

Exim Error: Ratelimit database not available

Creating an extracting tar files

pty, ptyp, and tty errors

Install Perl

Upgrade MySQL4 to MySQL5 on cPanel server

Screen in SSH

Server time keeps resetting

Categories

Linkage...

Meta

Disable root SSH access

No comments yet.

No trackbacks yet.

Categories

Tags

Linkage...

Meta