In previous post we saw how to Set Alerting for root login and How to Change Default SSH Port. To add more to the security you should also disable direct root Login and specific users should be allowed only.
To disable Direct root Login, you need to follow the steps below.
1. Open the file /etc/ssh/sshd_config and add the line below.
2. Create a new user – e.g. user bob and set a password to that user.
3. Open file /etc/group and add the user to the Wheel group. So the Wheel group in that file would look like this.
[root@server ~]# cat /etc/group | grep -i wheel wheel:x:10:bob [root@server ~]#
4. Finally restart sshd service.
[root@server ~]# systemctl restart sshd
5. Please make sure that permissions to below are set correctly.
chmod 4755 /bin/su chmod 1700 /etc/passwd chmod 1700 /etc/shadow chmod 1755 /etc/groups
Remember the Golden Rule? Yes, always verify the changes from a different session before logging out the current one.