One way to secure your server is to disable root login over SSH. An attacker can attempt to brute-force the root password and, if they guess it, gain access to your system. The safest way is to keep a separate account for regular use and simply sudo to root when necessary.
Procedures
1. Add the user.
– In the following example, we will use the user name burnz.
– The command adduser will automatically create the user, initial group, and home directory.
[root@myserver.com ~]# adduser burnz
[root@myserver.com ~]# id burnz
uid=10018(burnz) gid=10018(burnz) groups=10018(burnz)
[root@myserver.com ~]# ls -lad /home/burnz/
drwx------ 2 burnz burnz 4096 Dec 25 16:01 /home/burnz/
2. Set the password for the burnz user. When prompted, type and then retype the password.
[root@myserver.com ~]# passwd burnz
Changing password for user burnz.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@myserver.com ~]#
3. SSH to the server with the new burnz user and ensure that the login works.
[root@localhost ~]# ssh burnz@myserver.com
burnz@myserver.com's password:
[burnz@myserver.com ~]$
4. Verify that you can su (switch user) to root with the burnz user.
[burnz@myserver.com ~]$ su -
Password:
[root@myserver.com ~]$ whoami
root
5. Edit /etc/ssh/sshd_config with your favorite text editor.
[root@root ~]# nano /etc/ssh/sshd_config
Change this line:
PermitRootLogin yes
Edit to this:
PermitRootLogin no
6. Ensure that you are logged into the box with another shell before restarting sshd to avoid locking yourself out of the server.
[root@root ~]# /etc/init.d/sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
You will now be able to connect to your server via ssh with the burnz user and then use the command su to switch to the root user.
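The edit in step 5 only takes effect if the new line is the one sshd actually uses. The script below is an added example, not part of the original procedure. It reports which PermitRootLogin value applies in a config file and flags Match blocks that re-enable root login. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# sshd keeps the FIRST value it reads for a keyword, so appending
# "PermitRootLogin no" below an existing "PermitRootLogin yes" changes nothing.

# Print the global PermitRootLogin value, or "unset" if only the default applies.
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/); kw = tolower(f[1])   # keywords ignore case
            if (kw == "match") { exit }        # global section ends at first Match
            if (kw == "permitrootlogin") { val = f[2]; gsub(/"/, "", val); exit }
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Print "LINE: text" for each Match-block PermitRootLogin that is not "no".
match_overrides() {
    awk '
        /^[ \t]*#/ { next }
        {
            line = $0; sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/); kw = tolower(f[1])
            if (kw == "match") { in_match = 1 }
            else if (in_match && kw == "permitrootlogin" && f[2] != "no") {
                print NR ": " line
            }
        }
    ' "$1"
}

# Succeed only if root login is off globally and no Match block re-enables it.
root_login_disabled() {
    [ "$(effective_permit_root_login "$1")" = "no" ] && [ -z "$(match_overrides "$1")" ]
}

# Constructed sample: "no" was appended below an older, still active "yes".
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin no
Port 22
permitrootlogin yes
PermitRootLogin no
EOF
echo "effective value: $(effective_permit_root_login "$sample")"
root_login_disabled "$sample" && echo "root login disabled" || echo "root login NOT disabled"
rm -f "$sample"
```

On the server itself, `sshd -t` checks the file for syntax errors before the restart in step 6, and `sshd -T` prints the effective configuration, including files pulled in by Include, which this script does not follow.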