Disable Direct Root Login

While implementing security tweaks on a server, one of the most important is disabling direct root login: an attacker then has to guess two separate passwords (the admin user's and root's) before gaining root access.

The following steps show how to disable direct root login. If you are using a cPanel server, make sure you add your admin user to the 'wheel' group first so that you can still 'su -' to root; otherwise you may lock yourself out of root.

1. SSH into your server as 'admin' and gain root access with 'su -'

2. Open the SSH daemon configuration file for editing
vi /etc/ssh/sshd_config

3. Find the line
Protocol 2, 1

4. Uncomment it and change it to look like
Protocol 2

5. Next, find the line
PermitRootLogin yes

6. Uncomment it and make it look like
PermitRootLogin no

7. Save the file

8. Now restart SSH
/etc/rc.d/init.d/sshd restart

Now no one can log in as root without first logging in as admin and running 'su -', and you are forcing the use of the more secure protocol version. Just make sure you remember both passwords!
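The same edits as a script, added here as an example and not part of the original post: it rewrites the two directives in an sshd_config-style file idempotently, reads back the value sshd will actually use, and performs the 'wheel' membership check the post recommends. The user name 'admin' and the sample config contents in main() are assumptions; the demo runs against a constructed temporary copy, not the live /etc/ssh/sshd_config.

```shell
#!/bin/sh
# set_sshd_directive FILE KEY VALUE
# Rewrite every "KEY ..." line (commented out or not) as "KEY VALUE"; append
# it when no such line exists. Match blocks are not special-cased.
set_sshd_directive() {
    file=$1; key=$2; value=$3
    pattern="^[[:space:]]*#?[[:space:]]*$key([[:space:]].*)?$"
    if grep -Eq "$pattern" "$file"; then
        cp -p "$file" "$file.tmp"                       # keep mode/owner
        sed -E "s/$pattern/$key $value/" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    else
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

# effective_value FILE KEY
# sshd honours the first uncommented occurrence of a keyword, so print that.
effective_value() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# in_group USER GROUP: succeed if USER is a member of GROUP.
in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx "$2"
}

# harden_sshd_config FILE: steps 3 to 6 of the post.
harden_sshd_config() {
    set_sshd_directive "$1" Protocol 2
    set_sshd_directive "$1" PermitRootLogin no
}

main() {
    cfg=$(mktemp)
    # constructed sample resembling a stock sshd_config
    printf '#Protocol 2,1\n#PermitRootLogin yes\nPort 22\n' > "$cfg"
    harden_sshd_config "$cfg"
    echo "Protocol=$(effective_value "$cfg" Protocol)"
    echo "PermitRootLogin=$(effective_value "$cfg" PermitRootLogin)"
    if in_group admin wheel; then                    # 'admin' is an assumed user name
        echo "admin is in wheel: safe to disable root login"
    else
        echo "WARNING: admin is not in wheel; fix that before restarting sshd"
    fi
    rm -f "$cfg"
}
main
```

On OpenSSH 7.4 and later the Protocol keyword is obsolete because protocol 1 was removed, and newer releases can pull in Include files, so confirm the effective setting with `sshd -T | grep -i permitrootlogin` before restarting. On systemd hosts the restart is `systemctl restart sshd` rather than the init script above.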
