Monday, 8 February 2010

Disable direct root login

While logging directly into a server as root is certainly easy, it is not the best choice from a security standpoint. Disabling direct root logins does not instantly make a server impervious, but it does help against petty brute-force script kiddies. There are two options when disabling direct root login: disable it completely, or allow it only with an SSH key.

Make SURE that you add another user you can ssh in as. If you are using cPanel, use WHM --> Manage wheel users and add your user. Once logged in, run "su -" to gain full root access and run your normal administrative commands. Make sure you use "su -" and not simply "su"; without the "-" you will not be on the root path and will not have access to all commands.

First open up the ssh config:

nano /etc/ssh/sshd_config

Find the PermitRootLogin line and set it to either PermitRootLogin no (root login completely disabled) or PermitRootLogin without-password (root login only with an SSH key). Once done, save the file and restart sshd:

service sshd restart
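
The same edit as a script, added here as an example and not part of the original post. It goes a little beyond the manual steps by handling duplicate PermitRootLogin lines and Match blocks; the function names set_permit_root_login and global_permit_root_login are hypothetical, and the sample config is constructed.

```shell
#!/bin/sh
# Added example. Usage: set_permit_root_login FILE no|without-password
set_permit_root_login() {
    file=$1 value=$2
    case $value in
        no|without-password) ;;
        *) echo "unsupported value: $value" >&2; return 2 ;;
    esac
    tmp=$(mktemp) || return 1
    # sshd keeps the first value it reads for a keyword, so comment out every
    # active global PermitRootLogin line and write exactly one new one. It goes
    # before the first Match block (or at end of file), because lines after
    # "Match" apply only to that block. Keywords are case-insensitive and may
    # be written as keyword=value.
    awk -v val="$value" '
        function emit() { if (!done) { print "PermitRootLogin " val; done = 1 } }
        { line = $0; sub(/=/, " ", line); split(line, f); kw = tolower(f[1]) }
        kw == "match" { emit(); in_match = 1 }
        kw == "permitrootlogin" && !in_match { print "#" $0; next }
        { print }
        END { emit() }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file" && rm -f "$tmp"    # cat keeps the file's owner and mode
}

# Print the global value in effect: the first active line before any Match.
global_permit_root_login() {
    awk '
        { line = $0; sub(/=/, " ", line); split(line, f); kw = tolower(f[1]) }
        kw == "match" { exit }
        kw == "permitrootlogin" { print f[2]; exit }
    ' "$1"
}

# Demo on a constructed sample file (not a real server config).
sample=$(mktemp)
printf '%s\n' 'Port 22' 'PermitRootLogin yes' \
    'Match Address 192.0.2.10' '    PermitRootLogin yes' > "$sample"
set_permit_root_login "$sample" no && cat "$sample"

# On a live server, as root, with your current session kept open:
#   cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
#   set_permit_root_login /etc/ssh/sshd_config no
#   sshd -t && service sshd restart
```

A PermitRootLogin line inside a Match block is left untouched, so review those by hand: they still override the global setting for the connections they match.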
