GIDNetwork > Disabling root SSH logins
Register
« Enabling Zend Optimizer with DirectAdmin My first BASH Script. »

Disabling root SSH logins

by: admin - Dec 10, 2005

My web server was set up just 6 days ago. Within a couple of days, it was already attracting a number of "probes". Casually, I went through the /var/log/messages file. It was amazing... 8O

Everyday, more and more people were attempting to login as root!

Generic Code Example:

Dec  6 09:25:24 vis sshd(pam_unix)[14882]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.119.93.3  user=root
...
Dec  7 06:09:25 vis sshd(pam_unix)[20197]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.direct-36-24.bgcell.net  user=root
Dec  7 06:09:25 vis sshd(pam_unix)[20195]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.direct-36-24.bgcell.net  user=root
Dec  7 06:09:25 vis sshd(pam_unix)[20196]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.direct-36-24.bgcell.net  user=root
...
Dec  8 09:08:02 vis sshd(pam_unix)[7564]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=vaibhavgems.co.in  user=root
Dec  8 09:08:02 vis sshd(pam_unix)[7561]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=vaibhavgems.co.in  user=root
Dec  8 09:08:02 vis sshd(pam_unix)[7567]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=vaibhavgems.co.in  user=root
Dec  8 09:08:02 vis sshd(pam_unix)[7560]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=vaibhavgems.co.in  user=root
Dec  8 09:08:02 vis sshd(pam_unix)[7566]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=vaibhavgems.co.in  user=root

There are a lot more to show than just these lines but I don't want to bore you now.

To disable direct root logins like this, I made the following changes...

Find the sshd_config file

Login as root :P

My sshd_config file is located at /etc/ssh/sshd_config and it is probably the most common place to find it. If not, you can search for it :

Generic Code Example:

find / -name "sshd_config"

Edit the sshd_config file

What we want to do is edit this file. We need to uncomment and edit just one line inside this file, at least.

To edit, I used vim, a text editor I am quite comfortable with (on Linux). Back to the steps...

Open the file for editing:

Generic Code Example:

vim /etc/ssh/sshd_config

You should be viewing the contents of this file now. We're looking for #PermitRootLogin yes. If you don't know how to move around this file, or to look for this line, just use the arrow keys.

To modify the line, you just press the i key on your keyboard and you should be in vim's "INSERT" mode.

Just remove the hash sign (to uncomment the line, or enable it) and change the value to no. It should look like this after the modifications:

Generic Code Example:

...
PermitRootLogin no
...

Press the ESC key to exit vim's "INSERT" mode, then type :wq and press ENTER, to save the changes and to exit vim.

Restart sshd

To make these changes active, you need to restart sshd...

Generic Code Example:

/sbin/service sshd restart

Now, everytime you login to your remote (web) server, you need to login as a regular user and once logged in, you just "substitute user" to root i.e. su -.

Would you like to comment? This story has been viewed 13,065 times.
« Enabling Zend Optimizer with DirectAdmin My first BASH Script. »

__top__

Copyright © GIDNetwork™ 2001 - 2017

Another website by J de Silva

Page generated in : 0.02814 sec.