...
Disable Direct Login as Root Through SSH
Normally, permitting root login over SSH on Ubuntu is not a security issue. Root is simply disabled in the OS. On a fresh Ubuntu setup from scratch, the default value in your /etc/ssh/sshd_config is:
    PermitRootLogin prohibit-password
This prevents password and keyboard-interactive authentication using the root account. However, in a hardened environment we prefer root not to be available at all.
In this example, we are using a canned hosted Ubuntu system where the automated setup has the root account enabled. This is dangerous because there are attackers out there looking for Unix/Linux boxes and trying to log in via SSH using the username root and a list of common passwords.
...
Connect to SSH as a staff user and edit sshd_config,
    sudo nano /etc/ssh/sshd_config
Search for the line "PermitRootLogin yes" and change it to "PermitRootLogin no". You can still issue su to become root, but only after logging in as a user belonging to the admin group.
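A check for the edit above, as an added example that is not part of the original page: sshd uses the first value it obtains for a keyword, so a "PermitRootLogin no" line appended below an existing "PermitRootLogin yes" has no effect. The function names and the sample file are constructed for illustration, and the script reads a single file without following Include lines.

```shell
#!/bin/sh
# Added example: report the global PermitRootLogin value taken from one config file.
# Assumptions: Include lines are not followed and values are unquoted.
# On a live host, `sudo sshd -T` prints the configuration sshd actually resolves.

effective_root_login() {
    awk '
        /^[ \t]*#/ { next }                          # skip comment lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)                 # drop leading whitespace
            sub(/[ \t]*=[ \t]*/, " ", line)          # accept "Keyword=value"
            split(line, f, /[ \t]+/)
            key = tolower(f[1])                      # keywords are case-insensitive
        }
        key == "match" { exit }                      # global section ends at first Match
        key == "permitrootlogin" { print tolower(f[2]); found = 1; exit }
        END { if (!found) print "prohibit-password" }  # OpenSSH built-in default
    ' "$1"
}

# Succeeds only when root login over SSH is fully disabled.
root_login_disabled() {
    [ "$(effective_root_login "$1")" = "no" ]
}

# Constructed sample: "no" was appended instead of editing the existing "yes" line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not taken from a real host
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
EOF

echo "effective PermitRootLogin: $(effective_root_login "$sample")"
if root_login_disabled "$sample"; then
    echo "PASS: root login over SSH is disabled"
else
    echo "FAIL: root can still log in over SSH"
fi
rm -f "$sample"
```

Run it against a copy of /etc/ssh/sshd_config after editing; a FAIL result means an earlier line still wins.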
...