Disable Direct root access

Published by ndzadmpanel on May 27, 2013

Tags

Disable Direct root access in Linux Server
Disabling direct root access provides two levels of security. The login needs to be performed as a normal ssh user first and then switch to root user. This necessitates two valid logins and passwords. Also only privileged users are permitted to switch to root, that too provides another level of security.

To disable direct root login, modify the configuration file and disable the corresponding directive to look like the following one

PermitRootLogin no

SSH user creation

Existence of an SSH user who can switch to root is essential when direct root access is disabled. The process is simple, you simply need to create a normal ssh user and then add the user to wheel group . For eg. I have created the user as “admin” and below is the commands I used to complete the process

adduser admin
passwd admin
usermod -g wheel username

Changing the group can be done either through WHM or by editting the /etc/group file. Confirm the process by performing the following test

#grep wheel /etc/group

wheel::10:root,admin

It confirms that the ssh user “admin” is a member of wheel group. Since all wheel group users are privileged to switch to superuser, he can switch to the root account.

Restart the sshd service and once it is done. Try to login to the server as root and it should fail.

Disable Direct root access

ndzadmpanel

Related posts

Dual Php with Apache-CGI in Plain server

Install APCu in cPanel server

Key Based SSH Logins With PuTTY

Leave a Reply Cancel reply