Disable root access for your SSH Server

Caribou360 - Superior Alaska Web Design

This is just a short tutorial about one of many possible ways to protect your server from external attacks. If you’re running a server, you’ll probably access it via SSH as the root user. This is a default setting, but it is easy to fix with almost no effort. Since you’re able to log in as root, others will be able to log in as root as well. Therefore, we’re adding an extra layer of security by removing direct root access and allowing only one specific user to log in.

First of all, make sure you have your new user already set up, and confirm that this user can log in over SSH before you continue; otherwise you can lock yourself out. You can easily add new users with either useradd or adduser.

Accessing SSH

We’re going to connect to our server via SSH with PuTTY or my favorite, mRemoteNG, and open the configuration file:

Terminal
login as: root
[email protected]’s password: ••••••
Welcome to your Server

[email protected]:~# whoami
root
[email protected]:~# nano /etc/ssh/sshd_config

Editing the configuration file

Before we scroll down, you’ll see the Port setting, usually set to 22. It is possible to change that, but it is very rare that attackers scan just one specific port. If they do, however, they would end up receiving an error that there is no service running on that port.

Terminal
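# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
# Refuse direct root logins over SSH
PermitRootLogin no
StrictModes yes
# Only this account may log in over SSH
AllowUsers user360

# SSH protocol 1 only; deprecated in current OpenSSH
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys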

Change the settings as shown above (PermitRootLogin no and AllowUsers user360), then press CTRL+O to save the file and CTRL+X to exit.
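A pre-restart check for the two settings above, as an added example that is not part of the original tutorial. The function names are hypothetical, and the script assumes plain "Keyword value" lines, exact user names in AllowUsers, and only the global section of the file (it stops at the first Match block).

```shell
#!/bin/sh
# Added example: audit an sshd_config-style file before restarting sshd.

# Print the arguments of KEYWORD, one per line. Keywords are case-insensitive
# and lines starting with "#" are comments. Mode "first" prints only the first
# occurrence, which is the one sshd uses for single-valued keywords; mode
# "all" prints every occurrence, because AllowUsers lines add up.
sshd_args() {  # usage: sshd_args FILE KEYWORD first|all
    awk -v key="$2" -v mode="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == key {
            for (i = 2; i <= NF; i++) print $i
            if (mode == "first") exit
        }' "$1"
}

# Return 0 only if root login is explicitly disabled and USER is allowed.
check_lockdown() {  # usage: check_lockdown FILE USER
    rc=0
    root=$(sshd_args "$1" PermitRootLogin first)
    if [ "$root" != "no" ]; then
        echo "FAIL: effective PermitRootLogin is '${root:-unset}'"
        rc=1
    fi
    if ! sshd_args "$1" AllowUsers all | grep -qxF -- "$2"; then
        echo "FAIL: $2 is not listed in AllowUsers"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: root login disabled, $2 allowed"
    return "$rc"
}

# Constructed sample: an earlier "yes" wins over the later "no", and the
# commented-out line is ignored, so this file still permits root logins.
sample=$(mktemp)
printf '%s\n' 'permitrootlogin yes' '#PermitRootLogin no' \
    'PermitRootLogin no' 'AllowUsers user360' > "$sample"
check_lockdown "$sample" user360 || echo "Fix the file before restarting sshd"
rm -f "$sample"
```

On the server itself, `sshd -t` checks the real file for syntax errors and `sshd -T` prints the configuration sshd will actually use.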

Restart the SSH Server

Before our changes take effect, we have to restart the SSH server:

Terminal
[email protected]:~# /etc/init.d/ssh restart
[ ok ] Restarting ssh (via systemctl): ssh.service.
[email protected]:~# exit

Logging in as new user and switching to root

First we test if we’re still able to log in as root user:

Terminal
login as: root
[email protected]’s password: ••••••
Access denied
[email protected]’s password:

Now we log in as the user we set in the configuration file, using that user’s password, and switch to the root user afterwards:

Terminal
login as: user360
[email protected]’s password: ••••••
Welcome to your Server

[email protected]:~# whoami
user360
[email protected]:~# su
Password: ••••••
caribou user360 # whoami
root
caribou user360 #