One of the biggest security holes you could open on your server is to allow directly logging in as root through ssh, because any cracker can attempt to brute force your root password and potentially get access to your system if they can figure out your password.
您可能在服务器上打开的最大安全漏洞之一是允许通过ssh以root身份直接登录,因为任何破解者都可以尝试强行使用root密码,如果他们能够找出您的密码,则有可能访问您的系统。
It’s much better to have a separate account that you regularly use and simply sudo to root when necessary. Before we begin, you should make sure that you have a regular user account and that you can su or sudo to root from it.
最好有一个经常使用的单独帐户,并在必要时使用sudo root。 在开始之前,您应确保您具有常规用户帐户,并且可以使用su或sudo从该帐户进行root。
To fix this problem, we’ll need to edit the sshd_config file, which is the main configuration file for the sshd service. The location will sometimes be different, but it’s usually in /etc/ssh/. Open the file up while logged on as root.
要解决此问题,我们需要编辑sshd_config文件,它是sshd服务的主要配置文件。 该位置有时会有所不同,但通常在/ etc / ssh /中。 以root用户身份登录时打开文件。
vi /etc/ssh/sshd_config
vi / etc / ssh / sshd_config
Find this section in the file, containing the line with “PermitRootLogin” in it.
在文件中找到此部分,其中包含带有“ PermitRootLogin”的行。
#LoginGraceTime 2m#PermitRootLogin no#StrictModes yes#MaxAuthTries 6
#LoginGraceTime 2m#PermitRootLogin否#StrictModes是#MaxAuthTries 6
Make the line look like this to disable logging in through ssh as root.
使该行看起来像这样,以禁用以root身份通过ssh登录。
PermitRootLogin no
许可RootLogin no
Now you’ll need to restart the sshd service:
现在,您需要重新启动sshd服务:
/etc/init.d/sshd restart
/etc/init.d/sshd重新启动
Now nobody can brute force your root login, at least.
现在,至少没有人可以强行强制您的root登录。
翻译自: https://www.howtogeek.com/howto/linux/security-tip-disable-root-ssh-login-on-linux/
217
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
