Jan 26 2010
 

Allowing the root user to log in directly over SSH can be a major security issue. Here, I’ll show you how to disable it so you can still become root, just not directly, reducing the security risk. This will force an attacker to guess 2 separate passwords to gain root access.

You will first need to log in as your root user over SSH. We will also be forcing the use of SSH protocol 2, which is a newer, more secure SSH protocol. If you’re using cPanel, make sure you add your admin user to the ‘wheel’ group so that you will be able to ‘su -’ to root, otherwise you may lock yourself out of root.

1. SSH into your server as ‘root’. Now, let’s create a user and add it to the wheel group. For example, we want to create a user admin and give it su privileges.

Follow the commands below to create the user.

groupadd admin

useradd admin -g admin
// Please note the -g in the second line

Now, let’s add a password to the account
(generated using the one-liner below; note that Perl’s rand is not a cryptographically secure generator)
perl -le 'print map { ("a".."z", 0..9)[rand 36] } 1..12'

passwd admin
Changing password for user admin.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

// You can replace admin with any username of your choice.

Next, add the user to the wheel group. Use your browser to log in to your WHM panel and go to Main >> Security Center >> Manage Wheel Group Users

You will see “Added user admin to the wheel group”. Now, click on “Manage Wheel Group Users” again and it will return you to the Manage Wheel Group Users section.

There you will see: Users Currently in the wheel group “root,admin”. Note: This group controls which users can use the system’s `su` utility.

You have successfully added a user to the ‘wheel’ group who will be able to ‘su -’ to root.

LOGOUT OF SSH

Before we disable root login, let us check that the user can log in and su - to gain root privileges.

SSH into your server as ‘admin’
ssh [email protected]
Password :0e05tjs0c3bm
The authenticity of host ‘10.255.255.255 (10.255.255.255)’ can’t be established.
RSA key fingerprint is 6e:ea:03:08:72:8d:df:b5:00:cd:92:c8:24:74:de:46.
Are you sure you want to continue connecting (yes/no) yes
[email protected]:~$
Now, at the command prompt, type in
su -
password:0e05tjs0c3bm

You have successfully logged in and have root privileges. Now let us disable root login.

2. Copy and paste this line to edit the file for SSH logins
vim /etc/ssh/sshd_config

3. Find the line
Protocol 2, 1

4. Uncomment it and change it to look like
Protocol 2

5. Next, find the line
PermitRootLogin yes

6. Uncomment it and make it look like
PermitRootLogin no

7. Save the file
:wq

8. Now you can restart SSH
/etc/rc.d/init.d/sshd restart

Now, no one will be able to log in as root without first logging in as admin and using ‘su -’ to become root, and you will be forcing the use of a more secure protocol. Just make sure you remember both passwords!
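To confirm the result of steps 3 to 6 before restarting sshd, the shell functions below (an added example, not part of the original post) read an sshd_config the way sshd does, where the first uncommented occurrence of a keyword is the one that counts, and report whether PermitRootLogin and Protocol have the values set above. The function names and the two sample configs are made up for this example.

```shell
#!/bin/sh
# Print the effective global value of keyword $2 in sshd_config file $1.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and lines starting with '#' are comments. Parsing stops
# at the first Match block, since settings below it apply only conditionally.
effective_sshd_option() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match"   { exit }
        tolower($1) == tolower(want) {
            $1 = ""; gsub(/[ \t]/, "")   # drop keyword and all whitespace
            print tolower($0); exit
        }' "$1"
}

# Return 0 only if root login is disabled and only protocol 2 is accepted.
# An unset keyword counts as a failure here (assumption: both are set
# explicitly, as in steps 3 to 6).
audit_sshd_config() {
    rc=0
    root=$(effective_sshd_option "$1" PermitRootLogin)
    proto=$(effective_sshd_option "$1" Protocol)
    [ "$root" = "no" ] || { echo "PermitRootLogin is '${root:-unset}', want 'no'"; rc=1; }
    [ "$proto" = "2" ] || { echo "Protocol is '${proto:-unset}', want '2'"; rc=1; }
    return "$rc"
}

# Constructed sample configs (not taken from a real server).
tmp=$(mktemp -d)
cat > "$tmp/before" <<'EOF'
#Protocol 2
Protocol 2, 1
#PermitRootLogin no
PermitRootLogin yes
EOF
cat > "$tmp/after" <<'EOF'
Protocol 2
PermitRootLogin no
# A later duplicate does not take effect: the first value wins.
PermitRootLogin yes
EOF

audit_sshd_config "$tmp/before" || echo "before: FAIL"
audit_sshd_config "$tmp/after" && echo "after: OK"
```

On a real server, point audit_sshd_config at /etc/ssh/sshd_config; running `sshd -t` before the restart in step 8 additionally checks the edited file for syntax errors.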

 Posted by at 7:45 am
