Disable or Enable SSH Root Login and Limit SSH Access in Linux

Today, everyone knows that Linux systems comes with root user access and by default theroot access is enabled for outside world. For security reason it’s not a good idea to have sshroot access enabled for unauthorized users. Because any hacker can try to brute force your password and gain access to your system.

Disable Root Login

Disable SSH Root Login

So, its better to have another account that you regularly use and then switch to root user by using ‘su -‘ command when necessary. Before we start, make sure you have a regular user account and with that you su or sudo to gain root access.

In Linux, it’s very easy to create separate account, login as root user and simply run the ‘adduser‘ command to create separate user. Once user is created, just follow the below steps to disable root login via SSH.

We use sshd master configuration file to disable root login and this will may decrease and prevent the hacker from gaining root access to your Linux box. We also see how to enableroot access again as well as how to limit ssh access based on users list.

Disable SSH Root Login

To disable root login, open the main ssh configuration file /etc/ssh/sshd_config with your choice of editor.

# vi /etc/ssh/sshd_config

Search for the following line in the file.

#PermitRootLogin no

Remove the ‘#‘ from the beginning of the line.  Make the line look like similar to this.

PermitRootLogin no

Next, we need to restart the SSH daemon service.

# /etc/init.d/sshd restart

Now try to login with root user, you will get “Access Denied” error.

login as: root
Access denied
root@172.31.41.51's password:

So, from now onwards login as normal user and then use ‘su’ command to switch to root user.

login as: tecmint
Access denied
tecmint@172.16.25.126's password:
Last login: Tue Oct 16 17:37:56 2012 from 172.16.25.125
[tecmint@tecmint ~]$ su -
Password:
[root@tecmint ~]#

Enable SSH Root Login

To enable ssh root logging, open the file /etc/ssh/sshd_config.

# vi /etc/ssh/sshd_config

Search for the following line and put the ‘#‘ at the beginning and save the file.

# PermitRootLogin no

Restart the sshd service.

# /etc/init.d/sshd restart

Now try to login with root user.

login as: root
Access denied
root@172.16.25.126's password:
Last login: Tue Nov 20 16:51:41 2012 from 172.16.25.125
[root@tecmint ~]#

Limit SSH User Logins

If you have large number of user accounts on the systems, then it makes sense that we limit remote access to those users who really need it. Open the /etc/ssh/sshd_config file.

# vi /etc/ssh/sshd_config

Add an AllowUsers line at the bottom of the file with a space separated by list of usernames. For example, user tecmint and sheena both have access to remote ssh.

AllowUsers tecmint sheena

Now restart ssh service.

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值