How to Disable Root SSH Login in CentOS 8 - CentLinux

Latest

Saturday, 22 August 2020

How to Disable Root SSH Login in CentOS 8

How to Disable Root SSH Login in CentOS 8

In this article, you will learn how to disable root ssh login in CentOS 8.

 

Table of Contents:

     

    What is SSH (Secure Shell)? :

    Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH. (Courtesy: Wikipedia)

    SSH provides a secure channel over an unsecured network by using a client–server architecture, connecting an SSH client application with an SSH server. The protocol specification distinguishes between two major versions, referred to as SSH-1 and SSH-2. The standard TCP port for SSH is 22 but we can configure SSH on a non-default port. SSH is generally used to access Unix-like operating systems, but it can also be used on Microsoft Windows. Windows 10 uses OpenSSH as its default SSH client and SSH server.

    Since, root is the Superuser in CentOS 8 and remote ssh login facility makes it the prime target for hackers. Hackers uses brute force or dictionary attack techniques to guess the password of root user.

    In CentOS 8 / RHEL 8 default settings, root user is allowed to login at the SSH server by using a SSH client. Therefore, it is always advisable by the security experts to disable the root ssh logins on the CentOS 8 servers before making it live.

     

    Environment Specification:

    We are using a minimal CentOS 8 virtual machine with following specification.

    • CPU - 3.4 Ghz (2 cores)
    • Memory - 2 GB
    • Storage - 20 GB
    • Operating System - CentOS 8.2
    • Hostname – ssh-server-01.centlinux.com
    • IP Address - 192.168.116.206 /24

     

    Create an Admin User in CentOS 8:

    Connect with ssh-server-01.centlinux.com as root user by using a SSH client.

    We are going to disable root ssh logins, therefore, we need another user to access the server machine via SSH.

    Although, we can use a normal user for this purpose. But we are creating an Admin user so we can perform administrative tasks from this user account as well.

    [root@ssh-server-01 ~]# adduser -u 1001 -G wheel mansoor

    Set the password of Admin user by using following command.

    [root@ssh-server-01 ~]# echo "Str@ngPa55w0rd" | passwd --stdin mansoor Changing password for user mansoor. passwd: all authentication tokens updated successfully.

     

    Disable Root SSH login in CentOS 8:

    Configuration files for SSH client/server are located in /etc/ssh directory.

    Edit the SSH server configuration file by using vim editor.

    [root@ssh-server-01 ~]# vi /etc/ssh/sshd_config

    Locate following directives in this file.

    PermitRootLogin yes

    Update this directive as follows to disable root ssh logins.

    PermitRootLogin no

    Restart sshd service to take changes into effect.

    [root@ssh-server-01 ~]# systemctl restart sshd.service

    Now, disconnect from ssh-server-01.centlinux.com and try to connect again as root user.

    [root@ssh-client-01 ~]# ssh root@ssh-server-01 root@ssh-server-01's password: Permission denied, please try again. root@ssh-server-01's password: Permission denied, please try again. root@ssh-server-01's password: root@ssh-server-01: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

    Although, we are providing the same password, but we are unable to login.

    Try again with the newly created admin user.

    [root@ssh-client-01 ~]$ ssh mansoor@ssh-server-01 mansoor@ssh-server-01's password: Last login: Sat Aug 22 12:42:39 2020 from ssh-client-01 [mansoor@ssh-server-01 ~]$

    We have successfully login to ssh-server-01.centlinux.com.

    Now, we can switch to root user.

    [mansoor@ssh-server-01 ~]$ su - Password: Last login: Sat Aug 22 12:42:23 PKT 2020 on pts/0 [root@ssh-server-01 ~]#

    So, we can still access the root user account, but disabling the root ssh logins reduces the risk of hacking attempts on our CentOS 8 server.

     

    Conclusion:

    We have successfully disabled root ssh logins on CentOS 8. If you are having difficulty understanding the commands used in this guide, then there is a good book for you. The book title is How Linux Works, 2nd Edition: What Every Superuser Should Know Second Edition and it is written by Brian Ward.

    No comments:

    Post a comment