How can I disable root logins via ssh on Redhat?

Before you disable root logins you should add an administrative user that can ssh into the server and become root with su.



1. Add the user. In the following example we will use the user name
admin. adduser will automatically create the user, initial group, and
home directory. We will specify that we want to add admin to the
“wheel” group.


[root@root ~]# adduser admin -G wheel

[root@root ~]# id admin

uid=501(admin) gid=501(admin) groups=501(admin),10(wheel)

[root@root ~]# ls -lad /home/admin/

drwx------  2 admin admin 4096 Nov  8 16:01 /home/admin/


2. Set the password for the admin user. When prompted type and then retype the password.



[root@root ~]# passwd admin

Changing password for user admin.

New UNIX password:

Retype new UNIX password:

passwd: all authentication tokens updated successfully.

[root@root ~]#


3. SSH to the server with the new admin user and ensure that the login works.


[root@root ~]# ssh admin@my.ip.or.hostname

admin@my.ip.or.hostname's password:

[admin@admin ~]$


4. Verify that you can su (switch user) to root with the admin user.


[admin@admin ~]$ su -

Password:

[root@root ~]# whoami

root



5. Edit /etc/ssh/sshd_config with your favorite text editor.


[root@root ~]# vi /etc/ssh/sshd_config



Change this line:



#PermitRootLogin yes



to this:



PermitRootLogin no


6. Ensure that you are logged into the box with another shell before
restarting sshd to avoid locking yourself out of the server.


[root@root ~]# /etc/init.d/sshd restart

Stopping sshd: [  OK  ]

Starting sshd: [  OK  ]


[root@root ~]#
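
Step 5 done as a script, as an added example that is not part of the original page. It leaves the global setting at PermitRootLogin no even when the directive is commented out, repeated, or missing, which matters because sshd uses the first value it reads for each keyword and treats everything after a Match line as belonging to that block. The function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Rewrite FILE so the global PermitRootLogin is "no"; original kept as FILE.bak.
set_permit_root_login_no() {
    cfg=$1
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk '
        { low = tolower($0) }                     # sshd keywords are case-insensitive
        low ~ /^[ \t]*match[ \t]/ {               # global section ends at first Match
            if (!done) { print "PermitRootLogin no"; done = 1 }
            in_match = 1
        }
        low ~ /^[ \t]*#?[ \t]*permitrootlogin([ \t=]|$)/ {
            active = (low !~ /^[ \t]*#/)
            if (in_match) {                       # per-Match override: report, do not edit
                if (active) print "warning: Match-scoped setting kept: " $0 | "cat 1>&2"
            } else if (!done) {                   # first occurrence, commented or not
                print "PermitRootLogin no"; done = 1; next
            } else if (active) {                  # later duplicate: comment it out
                print "#" $0; next
            }
        }
        { print }
        END { if (!done) print "PermitRootLogin no" }
    ' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    # cat into the existing file keeps its owner and mode
    cp -p "$cfg" "$cfg.bak" && cat "$tmp" > "$cfg"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Print the value sshd would use globally: the first active one before any Match.
global_permit_root_login() {
    awk '
        { low = tolower($0) }
        low ~ /^[ \t]*match[ \t]/ { exit }
        low ~ /^[ \t]*permitrootlogin[ \t=]/ {
            gsub(/=/, " ", low); split(low, f, " "); print f[2]; exit
        }
    ' "$1"
}

# On the server (as root), before the restart in step 6:
#   set_permit_root_login_no /etc/ssh/sshd_config && sshd -t
```

`sshd -t` checks the edited file for syntax errors, so a typo is caught before the restart rather than after it.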

