  1. #1
    Member
    Join Date
    Dec 2003
    Location
    Brisbane, Australia
    Posts
    65

    How to disable direct root login?

    For that you need to make a few different changes to the SSH config file. In this howto we will disable direct root login and disable SSH1 (a buggy SSH protocol).

    Disabling direct root login will force a hacker to have to gain access to two separate passwords to SSH into your server.

    First, set up the admin account if you haven't already got one:

    groupadd admin
    useradd admin -gadmin


    Create a password for the new account.

    passwd admin

    On a cPanel system, you can now go into root WHM and add another user to the wheel group, or use your favorite editor to put "admin" in the wheel group by editing /etc/group.

    Now, SSH into your server as admin and gain root access by typing:

    su -

    Next, use your favorite editor to edit /etc/ssh/sshd_config, assuming you are using pico, type:

    pico -w /etc/ssh/sshd_config

    Find the line:

    #Protocol 2,1

    Uncomment it and change it to look like:

    Protocol 2

    Next, find the line:

    #PermitRootLogin yes

    Uncomment it and make it look like:

    PermitRootLogin no

    Now, save the file. With pico you would press CTRL+X, then Y, then Enter to save the file.

    Restart SSH by issuing this command:

    /etc/rc.d/init.d/sshd restart

    And if you like to disable 'su' you can use 'chmod 750 /bin/su'
    Thanks,

    Bill, Lover & Strong supporter of Cpanel.
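
    Added example (not part of the original post): a pre-restart check for the edits described above. It reports the value sshd will actually use for PermitRootLogin and Protocol, and confirms the account you will su from is in the wheel group. The function names and sample files are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: check the edits before restarting sshd and logging out.
# Assumes the whitespace-separated "Keyword value" form of sshd_config.

# Print the effective global value of a keyword. sshd keeps the first
# uncommented occurrence, keywords are case-insensitive, and anything
# after a "Match" line only applies conditionally, so stop there.
effective_setting() {   # usage: effective_setting FILE KEYWORD
    awk -v want="$2" '
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# Succeed only if root login is refused and only protocol 2 is offered.
# A missing keyword falls back to a version-dependent default, so it fails.
check_sshd_config() {   # usage: check_sshd_config FILE
    rc=0
    [ "$(effective_setting "$1" PermitRootLogin)" = "no" ] ||
        { echo "FAIL: PermitRootLogin is not effectively 'no'"; rc=1; }
    [ "$(effective_setting "$1" Protocol)" = "2" ] ||
        { echo "FAIL: Protocol is not effectively '2'"; rc=1; }
    return "$rc"
}

# Succeed if USER is a listed member of wheel in a group(5) file; without
# this, "PermitRootLogin no" leaves no account that can su to root.
in_wheel() {            # usage: in_wheel GROUPFILE USER
    awk -F: -v u="$2" '$1 == "wheel" {
        n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1
    } END { exit !ok }' "$1"
}

# Constructed sample files (not from the thread) for a stand-alone run.
make_samples() {        # usage: make_samples DIR
    printf '%s\n' '#Protocol 2,1' 'Protocol 2' '#PermitRootLogin yes' \
        'PermitRootLogin no' > "$1/good"
    # The edit was made, but an earlier active line still wins.
    printf '%s\n' 'Protocol 2' 'permitrootlogin yes' \
        'PermitRootLogin no' > "$1/shadowed"
    printf '%s\n' 'root:x:0:' 'wheel:x:10:root,admin' > "$1/group"
}

d=$(mktemp -d) && make_samples "$d"
check_sshd_config "$d/good" && in_wheel "$d/group" admin && echo "safe to restart"
```

    On a real server, point check_sshd_config at /etc/ssh/sshd_config and in_wheel at /etc/group before restarting sshd. Keep the current session open until a second login and `su -` both succeed.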

  2. #2
    Super Moderator This forum account has been confirmed by cPanel staff to represent a vendor. chirpy's Avatar
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,495


    It's a good idea, but again you've missed out some crucial steps here:

    Problem 1:
    "Disabling direct root login will force a hacker to have to gain access to two separate passwords to SSH into your server."
    No, it really doesn't. It just slows them down a little bit. Most hackers who have gained access to a non-root account are more likely to look for a local root vulnerability. They are also at a distinct advantage for running a dictionary attack against your root password being on the server, than doing so remotely. If you have procedures running that check for bad login attempts, then you can firewall such attempts before they get started. If a hacker gains access through a non-root account and then performs a dictionary attack on the root account, those will not come into play, and they are liable to crack it more easily.

    I'm not saying don't do it - but don't get a false sense of security, thinking it will make it twice as hard to break in.

    Problem 2:
    You should state that you should never ever log out of your SSH session once you restart SSHD. You should always open a new session first and make sure you can login and get to root. If you can't, you then at least still have an opportunity to fix it.

    Alternatively, you could open up telnet for the short period that you want to restart SSHD and make sure you login via it first, then change your root password.

    Better suggestions, IMHO, than disabling root SSH access are to:

    1. Use secure passwords (lower/upper case letters, numerics and non-alphanumeric characters) and change them at least monthly.

    2. Don't use port 25, use a completely different (not already used) random port that only you know.

    For the ultimate in SSH security, consider Port Knocking:
    http://www.portknocking.org/
    Jonathan Michaelson

    Need your cPanel servers secured and tuned?
    cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
    Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
    http://www.configserver.com

  3. #3
    Member
    Join Date
    Oct 2003
    Posts
    1,020


    Quote Originally Posted by chirpy
    2. Don't use port 25, use a completely different (not already used) random port that only you know.
    You were just checking to make sure we were paying attention right?

    We know you have mail delivery running through your veins

  4. #4
    Super Moderator This forum account has been confirmed by cPanel staff to represent a vendor. chirpy's Avatar
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,495


    Oops. Thank you for spotting that. I'd go back and correct it, but, well, you need to leave some bit of initiative.

  5. #5
    Member
    Join Date
    Jan 2004
    Location
    financial capital
    Posts
    32


    and stop using usernames like "admin"

  6. #6
    Super Moderator This forum account has been confirmed by cPanel staff to represent a vendor. chirpy's Avatar
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,495


    Indeed, especially with the current skiddie script doing the rounds that attacks admin, test, and guest - other names never to have in your /etc/passwd

  7. #7
    Member
    Join Date
    Jan 2004
    Location
    financial capital
    Posts
    32


    trust no one! but root

  8. #8
    Member
    Join Date
    Jul 2004
    Posts
    21


    Everyone attempts to crack the username admin and the username guest, don't ask why. I got lots of them from bfd.

  9. #9
    BANNED
    Join Date
    Apr 2004
    Posts
    424


    I have a problem. I set this up, but when I logged back in I tried su -l and it gave me a "permissions denied" error.

    I never chmodded it to 750 either.

    How can I fix this now?

  10. #10
    Super Moderator This forum account has been confirmed by cPanel staff to represent a vendor. chirpy's Avatar
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,495


    You need to login to WHM and add the user you want to su from into the wheel group under Manage Wheel Group Users
