Disable Root SSH Access – Howto on Securing SSH

You should never allow anyone to ssh directly into your server as root, as this is a serious security risk should anyone be able to brute force your password. Instead, you should disable root ssh access, which will force people to log in as a normal user and then switch to root.

Here are some tips on securing SSH on your server. This is not everything you need to do but it is a good place to start.

Disabling Root Access

Disabling root access is surprisingly easy. First, log in to your server as root, or log in as a normal user and then su to root.

ssh username@yourserver.com

Second, edit your sshd_config file. Note that there is also a ssh_config file which you don’t need to edit in this tutorial.

vi /etc/ssh/sshd_config

Thirdly, find the section with the line shown below, uncomment it if it isn’t already and change the yes to a no.

PermitRootLogin no

And lastly, save the file and restart sshd.

/etc/rc.d/init.d/sshd restart

After you have completed the above, no one will be able to log in as the root user; instead they will have to switch to root after logging in as a normal user.

Additional changes to further secure SSH

Disable X11Forwarding unless, of course, you absolutely need to use it. To do this, edit the sshd_config as shown above, find the line shown below and change it to no.

X11Forwarding no

Change the SSH protocol from version 1 to the more secure version 2. To do this, edit the sshd_config as shown above and find the line as shown below and change it to 2 instead of 2, 1.

Protocol 2
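
To confirm that the three settings above are really in effect in the file (and not just present in a commented-out or later, ignored line), here is a small checker, added as an example and not part of the original article. The function names and the sample config are constructed for illustration; it reads only the global section of a single file, stopping at the first Match block and not following Include lines.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the three settings in this article.
# sshd uses the first value it reads for a keyword, and keywords are
# case-insensitive, so only the first uncommented global occurrence counts.

# Print the effective global value of keyword $2 in file $1 (empty if unset).
sshd_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                     # skip commented-out lines
        tolower($1) == "match" { exit }         # stop at conditional blocks
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# Return 0 if keyword $2 in file $1 is explicitly set to $3, else 1.
check_directive() {
    actual=$(sshd_value "$1" "$2")
    if [ "$actual" = "$3" ]; then
        echo "OK    $2 $3"
        return 0
    fi
    echo "FAIL  $2 is '${actual:-unset}', expected '$3'"
    return 1
}

# Check all three directives; return the number of failures.
audit_sshd_config() {
    failures=0
    check_directive "$1" PermitRootLogin no || failures=$((failures + 1))
    check_directive "$1" X11Forwarding no   || failures=$((failures + 1))
    check_directive "$1" Protocol 2         || failures=$((failures + 1))
    return "$failures"
}

# Constructed sample: the hardened line is still commented out, and a later
# duplicate X11Forwarding line does not override the first one.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
#PermitRootLogin no
PermitRootLogin yes
x11forwarding no
X11Forwarding yes
Protocol 2,1
EOF

audit_sshd_config "$SAMPLE" || echo "$? setting(s) need attention"
```

Point audit_sshd_config at /etc/ssh/sshd_config before restarting sshd; running sshd -t as well catches syntax errors that would stop the daemon from starting.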

Further Information

If anyone has any further information, I will be happy to hear about it, so email me or post a comment below.
