In my previous post I wrote about how to slow down brute force SSH attacks. If you'd like to add a bit more security, and do what my Intro to CS college professor told me was "good practice", don't use root to log in to your server. These steps will show you how to disable root ssh access, but still have the ability to perform administrator level tasks.
WARNING: The following steps have the potential to lock you out of your Linux server if you're not careful. I suggest practicing on a new virtual server first so that you can easily re-kick the machine if necessary. I am using Ubuntu, your Linux flavor may have slightly different instructions.
Let's take a look at the steps from a high-level, and then deep-dive into the details:
- Add a new user account that will be used to log in
- Add the new user as a 'sudoer' (someone who can perform administrative tasks)
- Test to make sure you can log in as that user, and can perform admin tasks (sudo)
- Invalidate the 'root' user password
- Test to make sure you are not able to log in as root
Create a new user, fred
$> useradd -d /home/fred -m fred
$> passwd fred //sets the password
$> vi /etc/passwd //fred prefers bash
fred:x:1000:1000::/home/fred:/bin/bash
Add Fred to the sudo (admin) group
$> vi /etc/group
sudo:x:27:fred
Verify the 'sudoers' file is correct
$> visudo
%sudo ALL=(ALL:ALL) ALL
Log out as root, log in as Fred, verify sudo works
$> exit
$> ssh fred@yourserver
$> sudo vi /etc/passwd
Invalidate the root user password
$> sudo passwd -l root
Logging in as 'root' is now disabled via SSH, unless you have set up SSH keys in the past. If you have, you'll need to remove them to fully remove access.
Comments