Disable or Enable SSH Root Login and Limit SSH Access in Linux

最新推荐文章于 2023-03-13 20:44:25 发布
最新推荐文章于 2023-03-13 20:44:25 发布
阅读量3k 收藏
点赞数
分类专栏: 英文文章 文章标签: linux security ssh logging

Today, everyone knows that Linux systems comes with root user access and by default theroot access is enabled for outside world. For security reason it’s not a good idea to have sshroot access enabled for unauthorized users. Because any hacker can try to brute force your password and gain access to your system.

Disable Root Login

Disable SSH Root Login

So, its better to have another account that you regularly use and then switch to root user by using ‘su -‘ command when necessary. Before we start, make sure you have a regular user account and with that you su or sudo to gain root access.

In Linux, it’s very easy to create separate account, login as root user and simply run the ‘adduser‘ command to create separate user. Once user is created, just follow the below steps to disable root login via SSH.

We use sshd master configuration file to disable root login and this will may decrease and prevent the hacker from gaining root access to your Linux box. We also see how to enableroot access again as well as how to limit ssh access based on users list.

Disable SSH Root Login

To disable root login, open the main ssh configuration file /etc/ssh/sshd_config with your choice of editor.

# vi /etc/ssh/sshd_config

Search for the following line in the file.

#PermitRootLogin no

Remove the ‘#‘ from the beginning of the line.  Make the line look like similar to this.

PermitRootLogin no

Next, we need to restart the SSH daemon service.

# /etc/init.d/sshd restart

Now try to login with root user, you will get “Access Denied” error.

login as: root
Access denied
root@172.31.41.51's password:

So, from now onwards login as normal user and then use ‘su’ command to switch to root user.

login as: tecmint
Access denied
tecmint@172.16.25.126's password:
Last login: Tue Oct 16 17:37:56 2012 from 172.16.25.125
[tecmint@tecmint ~]$ su -
Password:
[root@tecmint ~]#

Enable SSH Root Login

To enable ssh root logging, open the file /etc/ssh/sshd_config.

# vi /etc/ssh/sshd_config

Search for the following line and put the ‘#‘ at the beginning and save the file.

# PermitRootLogin no

Restart the sshd service.

# /etc/init.d/sshd restart

Now try to login with root user.

login as: root
Access denied
root@172.16.25.126's password:
Last login: Tue Nov 20 16:51:41 2012 from 172.16.25.125
[root@tecmint ~]#

Limit SSH User Logins

If you have large number of user accounts on the systems, then it makes sense that we limit remote access to those users who really need it. Open the /etc/ssh/sshd_config file.

# vi /etc/ssh/sshd_config

Add an AllowUsers line at the bottom of the file with a space separated by list of usernames. For example, user tecmint and sheena both have access to remote ssh.

AllowUsers tecmint sheena

Now restart ssh service.

JJDiaries
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
LockScreenTest.rar "Home" button disable and enable
05-15
"Home" button disable and enable
Disable Textbox in 3 Failure Login Attempts in Javascript.zip
最新发布
11-08
JavaScript
Disable Root SSH Login on Linux
01-15 216
One of the biggest security holes you could open on your server is to allow directly logging in as root through ssh, because any cracker can attempt to brute force your root password and potentially g
How to limit ssh access to specific users or groups
cunheise的专栏
08-07 123
posted on may 6, 2008 in howto, linux with 1 comment Its sometimes necessary to limit who has access to a server via SSH. Most Linux security hardening checklist today require this to be enforced. ...
安全提示:在Linux上禁用Root SSH登录
cum43546的博客
10-11 394
One of the biggest security holes you could open on your server is to allow directly logging in as root through ssh, because any cracker can attempt to brute force your root password and potentially g...
ssh允许root登录
itjobtxq的专栏
09-18 1647
#vi /etc/ssh/sshd_config # Authentication: LoginGraceTime 120 #PermitRootLogin without-password    #找到这里,把它注释 PermitRootLogin yes           #改为yes  然后重启ssh StrictModes yes #service ssh r
黑马Linux笔记05【Linux系统软件安装,MySQL、Tomcat、Nginx、RabbitMQ、Redis、ElasticSearch、Zookeeper】
upward
03-13 1060
黑马Linux笔记05【Linux系统软件安装,MySQL、Tomcat、Nginx、RabbitMQ、Redis、ElasticSearch、Zookeeper】
How to disable_enable a timing check in a design.pdf
03-27
后仿
enable disable home
06-09
enable and disable "HOME" button in android 4.0.3 above the version 4.0.3,we should modify the frameworks detail is described in the Enable_Disable_Home.rar
KnockoutJS 3.X API 第四章之表单submit、enabledisable绑定
10-21
Knockout是一个以数据模型(data model)为基础的能够帮助你创建富文本,响应显示和编辑用户界面的...这篇文章介绍了KnockoutJS 3.X API 第四章之表单submit、enabledisable绑定的相关知识,感兴趣的朋友一起看看吧
允许root登录,ssh配置root远程登陆
热门推荐
一行真人
01-25 1万+
允许root登录,ssh配置root远程登陆 vim /etc/ssh/sshd_config 查找以下并修改 PermitRootLogin yes #允许root登录 PermitEmptyPasswords no #不允许空密码登录 PasswordAuthentication yes # 设置是否使用口令验证。 重启ssh服务:service ssh restart 如果以上还不行的话 可以尝试修改root密码 sudo passwd root 然后输入两次密码重置 ...
黑马Linux笔记04【Linux实用操作,软件安装、systemctl、软链接、日期和时区、IP地址和主机名、网络请求和下载、端口、进程管理、环境变量】
upward
03-09 673
黑马Linux笔记04【Linux实用操作,软件安装、systemctl、软链接、日期和时区、IP地址和主机名、网络请求和下载、端口、进程管理、环境变量】
21.9. Example
weixin_33835103的博客
01-08 157
例21.1.dhcp vlan rip [H3C]display current-configuration # sysname H3C # super password level 3 cipher D8Za-\BIMY/Q=^Q`MAF4<1!! # radius scheme system # domain system #...
使用root用户登录linux显示access denied解决办法
懂你的博客
11-21 5469
使用root用户登录linux显示access denied解决办法 原因是一般linux系统是默认禁止远程登录root用户的 需要使用以下命令使他允许登录: 首先编辑配置文件 vi /etc/ssh/sshd_config 1 在文件中找到 (可以使用搜索功能: 输入/Permit,找到后再按 I 进行编辑) #PermitRootLogin without-password 1 *注意...
Linux服务器安全之禁止root用户通过ssh登录(基于CentOS 7.0系统)
Nana8874的博客
07-29 3185
Linux服务器安全之禁止root用户通过ssh登录(基于CentOS 7.0系统)
彻底解决Ubuntu SSH 无法远程登录及root 登录ACCESS Denied 问题
沙漠之鹰的博客
07-16 1万+
采用VM虚拟机安装了Ubuntu 16.04 ,采用SSH远程连接发现了两个问题(与Centos不一样)。 第一,是SSH无法连接上刚建立的虚拟服务器。 原因是Ubuntu没有默认安装SSH服务,需要手动安装下。 1、 sudo ps -e |grep ssh #查看是否安装了SSH服务(如果显示为空则没安装) 2、sudo apt-get update #先更...
基于Windows10基于Linux的C语言笔记Ⅰ
lavandejoey的博客
02-03 1024
基于Linux的C语言笔记系统环境 系统环境 I have a Windows 10
华为交换机和路由器如何配置radius来实现RSA Securid的认证使用
weixin_33981932的博客
02-01 624
        公司买了一套RSA Securid,于是乎就想想华为的路由器和交换机也加入RSA来进行密码登陆管理。可是网上却没有相关的资料,在与华为和RSA厂家的配合下,一起完成了这个工作。        好东西当然要拿出来与大家分享。那下面就把配置方法和说明介绍给大家,希望有所帮助。 华为的路由器和交换机想通过RSA Securid来实现认证登陆,必须采用配置radius的方式来实现举例...
华为用户级别切换认证配置举例
achejq的专栏
07-04 1万+
用户级别切换认证配置举例 用户级别切换认证配置举例 关键词:用户级别切换认证,RADIUS,HWTACACS 摘  要:本文结合不同的登录认证方式,详细介绍了三种用户级别切换认证的配置思路和配置过程。 缩略语: 缩略语 英文全名 中文解释 AAA Authentication, Authorization
linux how to Secure the SSH Daemon: ochange the listening Port to 2266 oallow only a single non privileged user to connect to the SSH server. oDisable root login entirely.
06-01
To secure the SSH daemon on a Linux system, you can follow these steps: 1. Change the listening port to 2266: Edit the SSH daemon configuration file `/etc/ssh/sshd_config` and change the line `Port 22` to `Port 2266`. Then restart the SSH daemon by running `sudo systemctl restart sshd`. 2. Allow only a single non-privileged user to connect to the SSH server: Edit the SSH daemon configuration file and add the following lines at the end of the file: ``` AllowUsers username DenyUsers * ``` Replace `username` with the name of the user who should be allowed to connect. This will deny access to all users except for the specified user. 3. Disable root login entirely: Edit the SSH daemon configuration file and change the line `PermitRootLogin yes` to `PermitRootLogin no`. This will prevent anyone from logging in as the root user via SSH. After making these changes, remember to restart the SSH daemon by running `sudo systemctl restart sshd`.

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值