Disabling direct root login will force a hacker to have to gain access to two seperate passwords to SSH into your server.
First, Set up the admin account if you haven't already got one:
Quote:
groupadd admin
useradd admin -gadmin
|
Create a password for the new account.
On a CPanel system, you can now go into root WHM and add anotheruser to the
wheel group, or use your favorite editor to put "admin" in the wheel group by editing
/etc/group
Now, SSH into your server as admin and gain root access by typing:
Next, use your favorite editor to edit
/etc/ssh/sshd_config, assuming you are using pico, type:
Quote:
|
pico -w /etc/ssh/sshd_config
|
Find the line:
Uncomment it and change it to look like:
Next, find the line:
Uncomment it and make it look like:
Now, save the file, with perl you would press
CTRL+x, then y then enter to save the file.
Restart SSH by issueing this command:
Quote:
|
/etc/rc.d/init.d/sshd restart
|
Next, we'll make sure we disable telnet:
Quote:
|
pico -w /etc/xinetd.d/telnet
|
Change the
disable = no line to
disable = yes than save the file (Ctrl+X in pico)
Finally, Restart xinted with:
Quote:
|
/etc/rc.d/init.d/xinetd restart
|
That's all !
---------------------------------
Best Regards,
UKShane 
http://www.eukhost.com
How To: Disable direct root logins, and create a more secure SSH enviorment.
Linear Mode
