This is a short tutorial about one of many possible ways to protect your server from external attacks. If you’re running a server, you’ll probably access it via SSH as the root user. This is a default setting, but it is easy to fix with almost no effort. Since you’re able to log in as root, others will be able to log in as root as well. Therefore, we add an extra layer of security by removing direct root access and allowing only one specific user to log in.
First of all, make sure your new user is already set up. You can easily add new users with either useradd or adduser.
Accessing SSH
We’re going to connect to our server via SSH with PuTTY or my favorite, mRemoteNG, and open the configuration file.
root@caribou’s password: ••••••
Welcome to your Server
root@caribou:~# whoami
root
root@caribou:~# nano /etc/ssh/sshd_config
Editing the configuration file
Before we scroll down, you’ll see the Port, usually set to 22. It is possible to change that, but it is very rare that attackers scan just one specific port. If they do, however, they would end up receiving an error that there are no services running on that port.
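SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
# Refuse direct SSH logins as root
PermitRootLogin no
StrictModes yes
# Only this account may log in over SSH
AllowUsers user360
# RSAAuthentication applied to SSH protocol 1 only and is deprecated in current OpenSSH
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys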
Change the settings as shown above, then press CTRL+O (save file) and CTRL+X (exit).
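Before restarting, it is worth confirming that the edited file really disables root login and still lets your own user in. The script below is an added example, not part of the original tutorial: the function names and both sample files are made up for illustration, and it only reads plain "Keyword value" lines before any Match block.

```shell
#!/bin/sh
# Added example, not from the tutorial. Assumes "Keyword value" lines in the
# global section; AllowUsers patterns (user@host, wildcards) are not expanded.

# Print every value given for keyword $1 in file $2, one per line.
values() {
    awk -v want="$1" '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == tolower(want) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$2"
}

# Return 0 only if root login is off and login user $2 is still let in.
audit_sshd_config() {
    rc=0
    # For a single-valued keyword sshd keeps the first value it reads.
    root=$(values PermitRootLogin "$1" | head -n 1 | tr 'A-Z' 'a-z')
    if [ "$root" != "no" ]; then
        echo "FAIL: PermitRootLogin is '${root:-unset}', expected 'no'"; rc=1
    fi
    # AllowUsers may be given more than once; gather every listed name.
    allowed=$(values AllowUsers "$1" | tr -s ' \t\n' ' ')
    case " $allowed " in
        "  ") echo "FAIL: AllowUsers is not set, logins are not restricted"; rc=1 ;;
        *" $2 "*) ;;
        *) echo "FAIL: $2 is missing from AllowUsers, login would be refused"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "OK: $1"; fi
    return "$rc"
}

# Constructed samples: the tutorial's settings, and a conflicting file.
dir=$(mktemp -d)
cat > "$dir/hardened" <<'EOF'
# Authentication:
LoginGraceTime 120
PermitRootLogin no
AllowUsers user360
EOF
cat > "$dir/weak" <<'EOF'
permitrootlogin yes
PermitRootLogin no
AllowUsers backup
EOF
audit_sshd_config "$dir/hardened" user360
audit_sshd_config "$dir/weak" user360 || true
```

On the server, point it at /etc/ssh/sshd_config with your own user name. Running sshd -t as well reports misspelled keywords and other syntax errors that would stop the daemon from starting.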
Restart the SSH Server
Before our changes take effect, we have to restart the SSH server.
[ ok ] Restarting ssh (via systemctl): ssh.service.
root@caribou:~# exit
Logging in as new user and switching to root
First we test whether we’re still able to log in as the root user.
root@caribou’s password: ••••••
Access denied
root@caribou’s password:
Now we log in as the user we set in the configuration file, using that user’s password, and switch to the root user afterwards.
root@caribou’s password: ••••••
Welcome to your Server
user360@caribou:~# whoami
user360
user360@caribou:~# su
Password: ••••••
caribou user360 # whoami
root
caribou user360 #