For one reason or another RHEL does not disallow incoming ssh connections as root. This is, of course a glaring security problem which should be addressed for all systems that allow ssh connections to be made from any but the most restricted networks.
The best practice, of course, would be to make the initial ssh connection as an unprivileged user and then use the “su” command to promote yourself to root. This way, even if an attacker managed to get into the system, it would be as an unprivileged user and they would not able to do much harm. Allowing incoming ssh connections at root leaves you much more exposed to attack. Granted your root password is still protecting you, but it becomes your only layer of defense.
Ok, so how do we disallow incoming ssh connections as root on our RHEL box?
First, edit “/etc/ssh/sshd_config”
Find the section of the file that looks like this:
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
Change this line:
#PermitRootLogin yes
To this:
PermitRootLogin no
Restart sshd:
/sbin/service sshd restart
Thanks for the info, the every handy google led me to this article.
I should keep my own notes realy
Yeah, I was just looking in my logwatch and I saw some people tried to log in – into SSH with root.. which they can’t log in with.
I have to log in with a User and then do “sudo su -” for root.
@Buzz: Make sure you actavate “sudo” too for extra security. If you search “centos using sudo” at google youll find many websites who will explain how to use it.