Thursday, February 18, 2010

How To disable root access via SSH

If you are planning to deploy OpenSSH on any server, you must secure it from hackers. There are several programs on the Internet which can launch a brute-force attack against your SSH server. The first step to a secure SSH server is to disable root access via SSH. Brute-force attackers often try to guess the root password using a dictionary attack.

Open the /etc/ssh/sshd_config file using your favorite editor. You must be root to do this.

Scroll down the file until you locate:

LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

Modify PermitRootLogin to:

PermitRootLogin no
Save the file and restart the SSH server. On Ubuntu you can do this as below.

# /etc/init.d/ssh restart

After restarting SSH, try to connect using the root account. Access will be denied. However, if you want to access root from a remote machine via SSH, log in using a normal user account and use su to become root.
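A check for the edit described above, added here as an example and not part of the original post: sshd keeps the first value it reads for a keyword, so a leftover "PermitRootLogin yes" above the new line silently wins. The function names and the sample file are constructed for illustration, and the parser assumes whitespace-separated keywords and does not follow Include directives.

```shell
#!/bin/sh
# effective_root_login FILE
# Prints the first uncommented PermitRootLogin value that appears before any
# Match block, lowercased, or "unset" if the global section has none.
effective_root_login() {
    awk '
        { sub(/^[ \t]+/, "") }              # drop leading whitespace
        /^#/ || /^$/ { next }               # skip comments and blank lines
        tolower($1) == "match" { exit }     # global section ends at first Match
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# root_login_disabled FILE
# Succeeds only when the effective global value is exactly "no".
root_login_disabled() {
    [ "$(effective_root_login "$1")" = "no" ]
}

# Constructed sample: the fragment from the post after editing, with the old
# line commented out and a stale duplicate further down the file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
LoginGraceTime 120
#PermitRootLogin yes
PermitRootLogin no
StrictModes yes
PermitRootLogin yes
EOF

effective_root_login "$sample"    # prints: no
```

On a live server, running `sshd -t` as root before the restart catches syntax errors in the edited file, and `sshd -T` prints the configuration the daemon actually resolves.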


