Disable SSH Root Logins on RHEL

April 30, 2007 | Filed Under All Stories, Data and Technology

For one reason or another RHEL does not disallow incoming ssh connections as root. This is, of course a glaring security problem which should be addressed for all systems that allow ssh connections to be made from any but the most restricted networks.

The best practice, of course, would be to make the initial ssh connection as an unprivileged user and then use the “su” command to promote yourself to root. This way, even if an attacker managed to get into the system, it would be as an unprivileged user and they would not able to do much harm. Allowing incoming ssh connections at root leaves you much more exposed to attack. Granted your root password is still protecting you, but it becomes your only layer of defense.

Ok, so how do we disallow incoming ssh connections as root on our RHEL box?

First, edit “/etc/ssh/sshd_config”

Find the section of the file that looks like this:
# Authentication: #LoginGraceTime 2m #PermitRootLogin yes #StrictModes yes #MaxAuthTries 6
Change this line:
#PermitRootLogin yes

To this:
PermitRootLogin no

Restart sshd:
/sbin/service sshd restart

Tags: attacker, authentication, edit, incoming, linux, networks, PermitRootLogin, red hat, rhel, root, root logins, security, ssh, sshd, sshd_config

Discuss This Article

One Response to “Disable SSH Root Logins on RHEL”

Buzz on April 9th, 2008 4:51 am #

Thanks for the info, the every handy google led me to this article.

I should keep my own notes realy

Got something to say?

Post Tags (user submitted): t (364) - ssh_config root (31) - sshd_config root (31) - f (28) - rhel ssh (20) - turn off ssh (20) - spiralbound net (18) - sshd root (17) - sshd_config disable root (16) - disallow root ssh (14) - disable ssh (13) - turn off root ssh (12) - disable ssh redhat (12) - sshd: root [net] (12) - how to disable ssh (12) - ssh root (11) - dropbear disable root login (11) - RedHat disable root login (11) - disable root login redhat (10) - rhel root login (10) - dropbear root login (9) - dropbear root (9) - RHEL4 SSH (8) - redhat ssh root login (8) - rhel 5 ssh (8) - RHEL SSH login without password (8) - ssh rhel 4 (7) - solaris "root ssh" (7) - enable ssh RHEL (7) - disable ssh root login (7) - RHEL 5 disable root login (7) - how to enable ssh in rhel5 (7) - disabling ssh access (6) - rhel disable root ssh (6) - enable SSH on RHEL 4 (6) - linux disable ssh (6) - SSH disable root (6) - disabling ssh in linux (6) - dropbear disable root (6) - RHEL5 ssh (6) - allow root to ssh (6) - ssh root solaris (6) - disable root ssh (5) - ssh disallow root (5) - disable ssh authentication (5) - how to enable ssh in redhat (5) - RHEL sshd (5) - restart sshd "rhel" (5) - rhel disable root login (5) - solaris ssh root (5) - sshd_config root disable (5) - ssh turn off password (5) - how to disable SSH in Linux (5) - solaris ssh root login (5) - how to enable ssh in rhel4 (5) - rhel4 sshd (5) - ssh + rhel4 (5) - ssh_config disable root (5) - redhat enable ssh (5) - enabling ssh for root (5) - sshd_config root login (5) - disable ssh for root (5) - rhel enable ssh (5) - how to enable ssh redhat (5) - how to enable ssh on RHEL4 (5) - how to enable ssh in RHEL 5 (5) - rhel4 enable ssh (4) - rhel winbind (4) - turn off ssh command (4) - ssh in RHEL (4) - restart ssh RHEL (4) - ssh root lock (4) - disable ssh login (4) - enable root ssh redhat (4) - how to enable ssh in RHEL ? (4) - RHEL ssh access (4) - rhel 4 ssh (4) - enable root ssh (4) - sshd_config rhel (4) - disable root login rhel (4) - dropbear PermitRootLogin (4) - ssh disallow root login (4) - turn off ssh linux (4) - RHEL ssh enable (4) - rhel sshd restart (4) - redhat enable ssh root (4) - disallow root login ssh (4) - rhel 5 enable ssh (4) - disallow ssh for user (4) - disable root ssh RHEL (4) - how to disable ssh on linux (4) - rhel restart sshd (4) - ENable SSH in RHEL4 (4) - how to disable ssh in redhat (4) - redhat ssh root (4) - disable ssh password (4) - RHEL root ssh (4) - how to enable ssh in redhat linux (4) - root login + RHEL4 (4) - enable ssh in rhel (4) - enable ssh root redhat (4) - enable ssh on RHEL (4) - turn off ssh password authentication in linux (4) - sshd allow root (4) - configure ssh in RHEL 4 (4) - red hat enable ssh (4) - all (3) - rhel enable service (3) - turn off ssh as root (3) - ssh root disable (3) - ssh root authentication (3) - ssh disable root connections (3) - disable ssh root user (3) - disable root password rhel (3) - rhel 4 enable ssh (3) - turn off sshd (3) - allow root logins (3) - lock root from ssh (3) - rhel5 disable root ssh (3) - disable ssh root (3) - how to enable ssh in RHEL 4 ? (3) - how to enable ssh for root user (3) - restart ssh redhat (3) - turn off root login (3) - enable SSH redhat 4 (3) - disable root access RedHat (3) - disable ssh on linux (3) - solaris allow root ssh (3) - redhat enable ssh access (3) - rhel4 restart sshd (3) - sshd disable root (3) - disable root ssh access (3) - disable root sshd_config (3) - sshd_config allow root (3) - enable root login redhat (3) - ssh disallow (3) - sshd_config root allow (3) - how to enable SSH in Linux (3) - disable root login rhel4 (3) - rhel ssh root (3) - vmware ssh root (3) - sshd_config disallow (3) - RHEL5 enable ssh (3) - sshd_config disable root login (3) - rhel disable user (3) - sshd_config disallow root (3) - disallow ssh access (3) - turn off ssh access (3) - ssh_config enable root (3) - redhat 5 disable root ssh (3) -