Learn how to disable SSH login for the root user on CentOS 8 with our step-by-step guide. Enhance your server’s security by preventing direct root access over SSH. #centlinux #linux #ssh
SSH, or Secure Shell, is a cryptographic network protocol used for securely operating network services over an unsecured network. The most common application of SSH is for remote login to computer systems by users. Here are the key aspects of SSH:
SSH is a fundamental tool for secure remote administration, encrypted file transfers, and tunneling network services. Its robust encryption and authentication mechanisms make it a preferred choice for securely managing and accessing remote systems.
Read Also: How to Disable SSH Root Login in Linux 9
SSH provides a secure channel over an unsecured network by using a client–server architecture, connecting an SSH client application with an SSH server. The protocol specification distinguishes between two major versions, referred to as SSH-1 and SSH-2. The standard TCP port for SSH is 22 but we can configure SSH on a non-default port. SSH is generally used to access Unix-like operating systems, but it can also be used on Microsoft Windows. Windows 10 uses OpenSSH as its default SSH client and SSH server.
Since, root is the Superuser in Linux and remote ssh login facility makes it the prime target for hackers. Hackers uses brute force or dictionary attack techniques to guess the password of root user.
In CentOS 8 / RHEL 8 default settings, root user is allowed to login at the SSH server by using a SSH client. Therefore, it is always advisable by the security experts to disable the root ssh logins on the Linux servers before making it live.
Recommended Online Training: Learn Bash Shell in Linux for Beginners
We are using a minimal CentOS 8 virtual machine with following specification.
Connect with ssh-server-01.centlinux.com as root user by using a SSH client.
You are going to disable SSH login for root, therefore, you will need another user to access the server machine via SSH.
Although, you can use a normal user for this purpose. But we recommend that you should create an Admin user so you can perform administrative tasks from this user account as well.
# adduser -u 1001 -G wheel mansoor
Set the password of Admin user by using following command.
# echo "Str@ngPa55w0rd" | passwd --stdin mansoor
Changing password for user mansoor.
passwd: all authentication tokens updated successfully.
Configuration files for SSH client/server are located in /etc/ssh directory.
Edit the SSH server configuration file by using vim editor.
# vi /etc/ssh/sshd_config
Locate following directives in this file.
PermitRootLogin yes
Update this directive as follows to disable SSH login for root.
PermitRootLogin no
Restart sshd service to take changes into effect.
# systemctl restart sshd.service
Now, disconnect from ssh-server-01.centlinux.com and try to connect again as root user.
# ssh root@ssh-server-01
root@ssh-server-01's password:
Permission denied, please try again.
root@ssh-server-01's password:
Permission denied, please try again.
root@ssh-server-01's password:
root@ssh-server-01: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
Although, we are providing the same password, but we are unable to login.
Try again with the newly created admin user.
$ ssh mansoor@ssh-server-01
mansoor@ssh-server-01's password:
Last login: Sat Aug 22 12:42:39 2020 from ssh-client-01
$
We have successfully login to ssh-server-01.centlinux.com.
Now, we can switch to root user.
$ su -
Password:
Last login: Sat Aug 22 12:42:23 PKT 2020 on pts/0
#
So, you can still access the root user account, but disabling the SSH root logins reduces the risk of hacking attempts on your Linux server.
In this article, you have learned how to disable SSH login for root on CentOS 8. If you are having difficulty understanding the commands used in this guide, then there is a good book for you. The book title is How Linux Works, 2nd Edition: What Every Superuser Should Know Second Edition (PAID LINK) and it is written by Brian Ward.
Learn how to change Apache document root in Linux by following this step-by-step guide. Adjust…
Discover how to change Apache port in Linux easily. Follow our simple guide to modify…
Learn how to create a virtual host in Apache Server with this comprehensive guide. Set…
Discover 10 practical tasks for the RHCSA exam with step-by-step solutions. Boost your Linux skills…
Discover the ultimate Fail2ban configuration guide. Learn how to set up, customize, and optimize Fail2ban…
Explore the ultimate guide to VPS servers and learn everything about Virtual Private Servers, including…
This website uses cookies.