Best-Selling Hosting
- Colocation Hosting
- Shared Hosting
- VPS Hosting
- Reseller Hosting
- Windows Hosting
- PHP Hosting
- Multiple Domain Hosting
- ASP Hosting
- Best Web Hosting Companies
- Dedicated Servers
- Java Hosting
- Managed Servers
- Coldfusion Hosting
- Linux Hosting
- Database Hosting
- > All Hosting Services
Top Rated Providers
Editors Pick
Disable Direct Root Logins
Published: Oct 28, 2003
-
Rating
3/5
Rating
3/5Allowing the root user to login directly is a major security issue, we'll show you how to disable it.
Allowing the root user to login directly is a major security issue, we'll show you how to disable it so you can still login as root but just not directly, reducing the security issue.This will force a hacker to have to guess 2 seperate passwords to gain root access.
(you do have 2 seperate passwords for admin and root right?)
What happens is you'll first need to login as your admin user in SSH, then switch to the super user with the su command to get root.
We also will be forcing the use of SSH protocol 2, which is a newer, more secure SSH protocol
Just a couple more ways to help your server stay safe from the bad guys. If you're using cPanel make sure you add your admin user to the 'wheel' group so that you will be able to 'su -' to root, otherwise you may lock yourself out of root.
1. SSH into your server as 'admin' and gain root access by suÂ
2. Copy and paste this line to edit the file for SSH logins Â
pico -w /etc/ssh/sshd_config
3. Find the line
Protocol 2, 1Â
4. Uncomment it and change it to look like
Protocol 2
5. Next, find the line
PermitRootLogin yes
6. Uncomment it and make it look like PermitRootLogin noÂ
7. Save the file Ctrl+X then Y then enterÂ
8. Now you can restart SSH
/etc/rc.d/init.d/sshd restart
Now, no one will be able to login to root with out first loggin in as admin and 'su -' to root, and you will be forcing the use of a more secure protocol. Just make sure you remember both passwords!Â
Related Articles
- Guide to Chkrootkit - checking for intruders
- Creating a Welcome message for SSH logins
- Mask Your Web Server for Enhanced Security
- E-mail Alert on Root SSH Login
- How to install BFD (Brute Force Detection)
- How to install APF (Advanced Policy Firewall)
- How to install mod_security for Apache
- How to Disable Telnet
- How to install KISS Firewall
- Detect and Clean a hacked server T0rnkit Tutorial
- Compile 2.6.7 Kernel w/module-init-tools
Comments (12)
-
Just Asking 23:50, November 17, 2003This though breaks DNS sycronization in cPanel as it requires root login to sync zones files across servers.
-
Sam 16:09, January 30, 2004Hi, try this :
#LoginGraceTime 600
PermitRootLogin without-password
#StrictModes yes
It should fix the DNS sycronization problem. -
vera 12:51, February 10, 2005named has failed, please contact the sysadmin (result was "named is not running"). Feb 10 14:57:52 server named: named shutdown failed Feb 10 14:57:52 server named: named: user 'named' unknown Feb 10 14:57:52 server named: named startup failed
-
Aingaran 18:03, April 11, 2005Can you specify more than 1 port for ssh? IE, 22 & 222?
-
Ravindra 13:16, August 25, 2005please send me uttorials about linux networking
-
qwe010 22:00, May 28, 2006i do<br />
<br />
put i can't forcing the use ?<br />
<br /> -
Vishal 20:54, July 4, 2006Great Thanks,<br />
<br />
It worked well -
Remus 04:53, August 16, 2006excellent, thank you.
-
Anthony 14:02, February 20, 2007I followed the steps. but my linx still allows direct root logins.
-
Jaop 20:21, October 23, 2007Excellent Ideas ! Thank you !
-
Clemme 09:26, April 4, 2008Thanks a lot dude, works like a charm.
-
Mike 22:02, July 19, 2010Thanks a lot, just working like I wanted.
Add Your Thoughts
WebHostGear.com is a hosting directory, not a web host.
Copyright © 1998-2024 WebHostGear.com