Q. How do I block access to root user over ssh session?
A.. sshd (OpenSSH Daemon) is the daemon program for ssh. Server side ssh configuration is defined in /etc/ssh/sshd_config file.
You need to use DenyUsers option to block access to root user.
This option can be followed by a list of user name patterns, separated by spaces. Login is disallowed for user names that match one of the patterns. Only user names are valid; a numerical user ID is not recognized. By default, login is allowed for all users. If the pattern takes the form USER@HOST then USER and HOST are separately checked, restricting logins to particular users from particular hosts.
Open /etc/ssh/sshd_config file
Use vi command:
# vi /etc/ssh/sshd_config
Deny root user access
Append or modify as follows to block root user:
DenyUsers root
If you want to block additional user just append names to DenyUsers
DenyUsers root, user2, user3
Save and close the file. Restart sshd service:
#/etc/init.d/sshd restart
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- My 10 UNIX Command Line Mistakes
- Linux: 20 Iptables Examples For New SysAdmins
- 25 PHP Security Best Practices For Sys Admins
- The Novice Guide To Buying A Linux Laptop
- 10 Greatest Open Source Software Of 2009
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Linux Video Editor Software
Facebook it - Tweet it - Print it -
{ 1 comment… read it below or add one }
in /etc/ssh/sshd_config
setting this:
PermitRootLogin no
should also do the same thing, but denyusers works too :)