Server Security – Disable root login

I would recommend that you do not use the root user to access any server. It is better to disable the root login, because many automated scripts try to access the root user via SSH with common passwords.

On my server I set up another user which is afterwards allowed to become root, e.g.:

useradd --home-dir /home/myuser -m --shell /bin/bash myuser
passwd myuser

groupadd admin
# add myuser to the admin group
usermod -aG admin myuser

This will create a user with the name myuser. After the second command you have to enter a password twice. It should be a secure password. It is best NOT to use any readable words or leet speak. Instead use random letters in upper and lower case, some numbers and ideally also some special characters, e.g. ! and &.

The user is also added to the group admin.
Now you can use the tool visudo to edit the sudoers file. Add this snippet:

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

Afterwards, try to log in as the new user and enter:

sudo su

After typing in your password you should become root. If this works, you can disable the root login in /etc/ssh/sshd_config:

PermitRootLogin no

Just set the value for PermitRootLogin from yes to no. This should increase security quite a bit.
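
Disabling root login before the sudo path works can lock you out of the server, so it is worth checking both sides first. The following script is an added example, not part of the original post: it reads the global PermitRootLogin value from an sshd_config file and checks membership in an /etc/group-style file. The function names and the constructed sample files are assumptions.

```sh
#!/bin/sh
# Added example: checks to run before setting "PermitRootLogin no".

# Print the global PermitRootLogin value that sshd would use from file $1.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" line are conditional.
# Simplification: Include files are not followed.
effective_permit_root_login() {
    awk '
        { sub(/^[ \t]+/, "") }              # drop leading whitespace
        /^#/ || /^$/ { next }                # skip comments and blank lines
        tolower($1) == "match" { exit }      # end of the global section
        {
            line = $0; gsub(/=/, " ", line)  # "Keyword=value" is accepted too
            n = split(line, f, /[ \t]+/)
            if (tolower(f[1]) == "permitrootlogin" && n >= 2) {
                print tolower(f[2]); found = 1; exit
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeed if user $1 is a listed member of group $2 in group file $3
# (/etc/group format: name:password:gid:member,member,...).
user_in_group() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }
    ' "$3"
}

# Demo on constructed sample files (not taken from a real host).
demo_dir=$(mktemp -d)
printf '%s\n' '#PermitRootLogin no' 'permitrootlogin yes' 'PermitRootLogin no' \
    'Match User backup' '    PermitRootLogin no' > "$demo_dir/sshd_config"
printf '%s\n' 'root:x:0:' 'admin:x:1001:' > "$demo_dir/group"   # groupadd only

echo "effective PermitRootLogin: $(effective_permit_root_login "$demo_dir/sshd_config")"
if user_in_group myuser admin "$demo_dir/group"; then
    echo "myuser can use the %admin sudo rule"
else
    echo "myuser is NOT in admin: fix this before disabling root login"
fi
rm -rf "$demo_dir"
```

On a real host, `sshd -T` prints the configuration sshd actually uses, including Include files, and is the authoritative check.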

Even better would be to now only allow login to the server via an SSH key.
