{"id":2161,"date":"2010-01-26T07:45:34","date_gmt":"2010-01-26T12:45:34","guid":{"rendered":"http:\/\/g33kinfo.com\/info\/?p=2161"},"modified":"2010-01-26T07:45:34","modified_gmt":"2010-01-26T12:45:34","slug":"disable-direct-root-login-2","status":"publish","type":"post","link":"https:\/\/g33kinfo.com\/info\/disable-direct-root-login-2\/","title":{"rendered":"Disable Direct Root Login"},"content":{"rendered":"<p>Allowing the root user to login directly can be a major security issue. Here, i\u2019ll show you how to disable it so you can still login as root but just not directly, reducing the security risk. This will force an attacker to guess 2 separate passwords to gain root access. <\/p>\n<p>You will first need to login as your root user in SSH. We will be forcing the use of SSH protocol 2, which is a newer, more secure SSH protocol. If you\u2019re using cPanel make sure you add your admin user to the \u2018wheel\u2019 group so that you will be able to \u2019su -\u2019 to root, otherwise you may lock yourself out of root.<\/p>\n<p>1. SSH into your server as \u2018root\u2019. Now, let&#8217;s create a user and add it to the wheel group. For example. we want to create a user admin and give him su privileges.<\/p>\n<p>SSH into your server as root and follow the below commands to create a user.<br \/>\n<code><br \/>\ngroupadd admin<br \/>\n<\/code><br \/>\n<code>useradd admin \u2013gadmin<\/code><br \/>\n\/\/ Please note -g in the second line<\/p>\n<p>now, lets add a password to the account<br \/>\n(generated using)<br \/>\n<code> perl -le 'print map { (\"a\"..\"z\", 0..9)[rand 36] } 1..12'  <\/code><\/p>\n<p><code>passwd admin<br \/>\nChanging password for user admin.<br \/>\nNew UNIX password:<br \/>\nRetype new UNIX password:<br \/>\npasswd: all authentication tokens updated successfully.<br \/>\n<\/code><\/p>\n<p>\/\/ You can replace admin with any username of your choice.<\/p>\n<p>Next, add user to wheel group. Use your browser to login to your WHM panel and go to Main >> Security Center >> Manage Wheel Group Users<\/p>\n<p>You will see &#8220;Added user admin to the wheel group&#8221; Now, click on &#8220;Manage Wheel Group Users&#8221; again and it will return you to the Manage Wheel Group Users section.<\/p>\n<p>You will see there; Users Currently in the wheel group &#8220;root,admin&#8221; Note: This group controls which users can use the system&#8217;s `su` utility.<\/p>\n<p>You have successfully added a user to the &#8216;wheel&#8217; group who will be able to &#8216;su -&#8216; to root.<\/p>\n<h3>LOGOUT OF SSH<\/h3>\n<p>Before we disable root login, let us check if the user can login and su \u2013 to gain root privileges.<\/p>\n<p>SSH into your server as &#8216;admin&#8217;<br \/>\n<code>ssh admin@hostname.com<\/code><br \/>\nPassword :0e05tjs0c3bm<br \/>\nThe authenticity of host &#8216;10.255.255.255 (10.255.255.255)&#8217; can&#8217;t be established.<br \/>\nRSA key fingerprint is 6e:ea:03:08:72:8d:df:b5:00:cd:92:c8:24:74:de:46.<br \/>\nAre you sure you want to continue connecting (yes\/no) yes<br \/>\nadmin@host:~$<br \/>\nnow, at the command prompt type in<br \/>\n<code>su \u2013<br \/>\npassword:0e05tjs0c3bm<\/code><\/p>\n<p>You have successfully logged in and have root privileges. Now let us disable root login.<\/p>\n<p>2. Copy and paste this line to edit the file for SSH logins<br \/>\n<code>vim \/etc\/ssh\/sshd_config<\/code><\/p>\n<p>3. Find the line<br \/>\n<code>Protocol 2, 1<\/code><\/p>\n<p>4. Uncomment it and change it to look like<br \/>\n<code>Protocol 2<\/code><\/p>\n<p>5. Next, find the line<br \/>\n<code>PermitRootLogin yes<\/code><\/p>\n<p>6. Uncomment it and make it look like<br \/>\n<code>PermitRootLogin no<\/code><\/p>\n<p>7. Save the file<br \/>\n<code>:wq<\/code><\/p>\n<p>8. Now you can restart SSH<br \/>\n\/etc\/rc.d\/init.d\/sshd restart<\/p>\n<p>Now, no one will be able to login to root with out first logging in as admin and \u2019su -\u2019 to root, and you will be forcing the use of a more secure protocol. Just make sure you remember both passwords!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Allowing the root user to login directly can be a major security issue. Here, i\u2019ll show you how to disable it so you can still login as root but just not directly, reducing the security risk. This will force an attacker to guess 2 separate passwords to gain root access. You will first need to&#8230; <\/p>\n<div class=\"read-more navbutton\"><a href=\"https:\/\/g33kinfo.com\/info\/disable-direct-root-login-2\/\">Read More<i class=\"fa fa-angle-double-right\"><\/i><\/a><\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-2161","post","type-post","status-publish","format-standard","hentry","category-info"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Disable Direct Root Login - Linux Shtuff<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/g33kinfo.com\/info\/disable-direct-root-login-2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Disable Direct Root Login - Linux Shtuff\" \/>\n<meta property=\"og:description\" content=\"Allowing the root user to login directly can be a major security issue. Here, i\u2019ll show you how to disable it so you can still login as root but just not directly, reducing the security risk. This will force an attacker to guess 2 separate passwords to gain root access. You will first need to... Read More\" \/>\n<meta property=\"og:url\" content=\"https:\/\/g33kinfo.com\/info\/disable-direct-root-login-2\/\" \/>\n<meta property=\"og:site_name\" content=\"Linux Shtuff\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/fb.me\/g33kinf0\" \/>\n<meta property=\"article:author\" content=\"https:\/\/fb.me\/g33kinf0\" \/>\n<meta property=\"article:published_time\" content=\"2010-01-26T12:45:34+00:00\" \/>\n<meta name=\"author\" content=\"g33kadmin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/drsinger1111\" \/>\n<meta name=\"twitter:site\" content=\"@drsinger1111\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/disable-direct-root-login-2\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/disable-direct-root-login-2\\\/\"},\"author\":{\"name\":\"g33kadmin\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\"},\"headline\":\"Disable Direct Root Login\",\"datePublished\":\"2010-01-26T12:45:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/disable-direct-root-login-2\\\/\"},\"wordCount\":470,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\"},\"articleSection\":[\"General Info\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/g33kinfo.com\\\/info\\\/disable-direct-root-login-2\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/disable-direct-root-login-2\\\/\",\"url\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/disable-direct-root-login-2\\\/\",\"name\":\"Disable Direct Root Login - Linux Shtuff\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#website\"},\"datePublished\":\"2010-01-26T12:45:34+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/disable-direct-root-login-2\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/g33kinfo.com\\\/info\\\/disable-direct-root-login-2\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/disable-direct-root-login-2\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Disable Direct Root Login\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#website\",\"url\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/\",\"name\":\"Linux Shtuff\",\"description\":\"Because I have CRS Syndrome...\",\"publisher\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\",\"name\":\"g33kadmin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\",\"url\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\",\"contentUrl\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\",\"width\":512,\"height\":512,\"caption\":\"g33kadmin\"},\"logo\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\"},\"description\":\"I am a g33k, Linux blogger, developer, student and Tech Writer for Liquidweb.com\\\/kb. My passion for all things tech drives my hunt for all the coolz. I often need a vacation after I get back from vacation....\",\"sameAs\":[\"https:\\\/\\\/thelinuxreport.com\",\"https:\\\/\\\/fb.me\\\/g33kinf0\",\"https:\\\/\\\/x.com\\\/https:\\\/\\\/twitter.com\\\/drsinger1111\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Disable Direct Root Login - Linux Shtuff","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/g33kinfo.com\/info\/disable-direct-root-login-2\/","og_locale":"en_US","og_type":"article","og_title":"Disable Direct Root Login - Linux Shtuff","og_description":"Allowing the root user to login directly can be a major security issue. Here, i\u2019ll show you how to disable it so you can still login as root but just not directly, reducing the security risk. This will force an attacker to guess 2 separate passwords to gain root access. You will first need to... Read More","og_url":"https:\/\/g33kinfo.com\/info\/disable-direct-root-login-2\/","og_site_name":"Linux Shtuff","article_publisher":"https:\/\/fb.me\/g33kinf0","article_author":"https:\/\/fb.me\/g33kinf0","article_published_time":"2010-01-26T12:45:34+00:00","author":"g33kadmin","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/drsinger1111","twitter_site":"@drsinger1111","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/g33kinfo.com\/info\/disable-direct-root-login-2\/#article","isPartOf":{"@id":"https:\/\/g33kinfo.com\/info\/disable-direct-root-login-2\/"},"author":{"name":"g33kadmin","@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547"},"headline":"Disable Direct Root Login","datePublished":"2010-01-26T12:45:34+00:00","mainEntityOfPage":{"@id":"https:\/\/g33kinfo.com\/info\/disable-direct-root-login-2\/"},"wordCount":470,"commentCount":0,"publisher":{"@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547"},"articleSection":["General Info"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/g33kinfo.com\/info\/disable-direct-root-login-2\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/g33kinfo.com\/info\/disable-direct-root-login-2\/","url":"https:\/\/g33kinfo.com\/info\/disable-direct-root-login-2\/","name":"Disable Direct Root Login - Linux Shtuff","isPartOf":{"@id":"https:\/\/g33kinfo.com\/info\/#website"},"datePublished":"2010-01-26T12:45:34+00:00","breadcrumb":{"@id":"https:\/\/g33kinfo.com\/info\/disable-direct-root-login-2\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/g33kinfo.com\/info\/disable-direct-root-login-2\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/g33kinfo.com\/info\/disable-direct-root-login-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/g33kinfo.com\/info\/"},{"@type":"ListItem","position":2,"name":"Disable Direct Root Login"}]},{"@type":"WebSite","@id":"https:\/\/g33kinfo.com\/info\/#website","url":"https:\/\/g33kinfo.com\/info\/","name":"Linux Shtuff","description":"Because I have CRS Syndrome...","publisher":{"@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/g33kinfo.com\/info\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547","name":"g33kadmin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif","url":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif","contentUrl":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif","width":512,"height":512,"caption":"g33kadmin"},"logo":{"@id":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif"},"description":"I am a g33k, Linux blogger, developer, student and Tech Writer for Liquidweb.com\/kb. My passion for all things tech drives my hunt for all the coolz. I often need a vacation after I get back from vacation....","sameAs":["https:\/\/thelinuxreport.com","https:\/\/fb.me\/g33kinf0","https:\/\/x.com\/https:\/\/twitter.com\/drsinger1111"]}]}},"_links":{"self":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/posts\/2161","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/comments?post=2161"}],"version-history":[{"count":0,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/posts\/2161\/revisions"}],"wp:attachment":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/media?parent=2161"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/categories?post=2161"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/tags?post=2161"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}