Disable direct root Login.

In previous posts we saw how to Set Alerting for root login and How to Change Default SSH Port. To tighten security further, you should also disable direct root login and allow only specific users to log in.

To disable direct root login, follow the steps below.

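1. Open the file /etc/ssh/sshd_config and add the line below. If the file already contains an uncommented PermitRootLogin line, change that line instead, because sshd uses the first value it reads for each keyword.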

PermitRootLogin no

2. Create a new user, e.g. bob, and set a password for that user.

3. Open the file /etc/group and add the user to the wheel group. The wheel line in that file should then look like this.

[root@server ~]# cat /etc/group | grep -i wheel
wheel:x:10:bob
[root@server ~]#

4. Restart the sshd service so the change takes effect.

[root@server ~]# systemctl restart sshd

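5. Make sure the permissions on the files below are set correctly.

chmod 4755 /bin/su       # setuid root so su can switch users
chmod 644 /etc/passwd    # must stay world-readable for user name lookups
chmod 600 /etc/shadow    # password hashes: readable by root only
chmod 644 /etc/group     # world-readable for group lookups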

Remember the Golden Rule? Yes, always verify the changes from a different session before logging out of the current one.
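
The first-match behaviour that matters for step 1, as an added example (not part of the original post): the script reports which PermitRootLogin value sshd would take from a config file. The function names and the sample config are constructed for illustration, and Include directives are assumed absent.

```shell
#!/bin/sh
# Added example (not from the original post). sshd keeps the FIRST value it
# reads for each keyword, so a "PermitRootLogin no" appended below an existing
# "PermitRootLogin yes" has no effect.

# Print the first global PermitRootLogin value in file $1, or "unset".
# Assumption: Include directives are not followed.
first_permit_root_login() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
        { sub(/=/, " "); key = tolower($1) }  # "Key=value" allowed; keywords ignore case
        key == "match" { exit }               # lines after Match are conditional
        key == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 only when the value sshd would use globally is "no".
check_root_login_disabled() {
    value=$(first_permit_root_login "$1")
    case "$value" in
        no)    echo "OK: direct root login is disabled"; return 0 ;;
        unset) echo "WARN: PermitRootLogin not set; sshd uses its built-in default"; return 1 ;;
        *)     echo "FAIL: first PermitRootLogin is '$value'"; return 1 ;;
    esac
}

# Constructed sample: the new line was appended below an existing "yes".
sample=$(mktemp)
printf '%s\n' 'Port 22' '#PermitRootLogin no' 'PermitRootLogin yes' \
    'PasswordAuthentication yes' 'PermitRootLogin no' > "$sample"
check_root_login_disabled "$sample" || true   # prints the FAIL line
rm -f "$sample"
```

On a live server, `sshd -t` checks the file for errors before the restart, and `sshd -T` prints the settings sshd will actually use.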
