Security Disable root login, Configure SSHD Configuration:
Ensure that root login is disabled in the SSHD configuration file (sshd_config). Set PermitRootLogin no.
Disabling root login for SSH is a good security practice to enhance the security of your server. By doing this, you prevent direct root logins, forcing users to log in as a regular user and then use sudo
or another privilege escalation method. Here’s how you can disable root login in the SSH configuration file (sshd_config
):
- Connect to Your Server: Open a terminal or connect to your server via SSH.
- Edit
sshd_config
File: Use a text editor, such asnano
orvi
, to edit thesshd_config
file. You may need elevated privileges to modify this file.bashsudo nano /etc/ssh/sshd_config
orsudo vi /etc/ssh/sshd_config
- Find the
PermitRootLogin
Line: Locate the line in thesshd_config
file that begins withPermitRootLogin
. If the line doesn’t exist, you can add it.PermitRootLogin no
This line specifies that root login is not allowed. - Save and Exit:
- In
nano
, pressCtrl + X
, thenY
to confirm the changes, and finally pressEnter
. - In
vi
, pressEsc
, then type:wq
and pressEnter
.
- In
- Restart SSH Service: After making changes to the
sshd_config
file, restart the SSH service for the changes to take effect.bashsudo service ssh restart
orsudo systemctl restart ssh
By setting PermitRootLogin no
, you are disabling direct root logins via SSH. After making this change, make sure that you have another user with administrative privileges who can log in and perform administrative tasks using sudo
.
Always be cautious when editing configuration files, and ensure that you have a way to access your server in case there are any issues. Additionally, consider having a backup of the sshd_config
file before making changes.