• VMware

    Learn about VMware virtualization for its products like vsphere ESX and ESXi, vCenter Server, VMware View, VMware P2V and many more

  • Linux

    Step by step configuration tutorials for many of the Linux services like DNS, DHCP, FTP, Samba4 etc including many tips and tricks in Red Hat Linux.

  • Database

    Learn installation and configuration of databases like Oracle, My SQL, Postgresql, etc including many other related tutorials in Linux.

  • How to disable or restrict direct root login via console or ssh

    Below article is a must read to harden your existing sshd configuration file

    Best practices to harden and increase security with ssh (ciphers, MACs etc)
    By default root user had direct login access to the Linux machine which can be dangerous and in most organisation it is restricted

    But how do we restrict a direct root user login?
    Firstly ssh based direct root login must be diabled which can be done via sshd_config

    Modify your /etc/ssh/sshd_config and make sure PermitRootLogin is disabled as shown below
    # grep -i PermitRootLogin /etc/ssh/sshd_config
    PermitRootLogin no





    By default the value would be yes, so change it to "no" and save your file follwed by a sshd service restart to make the changes affect
    # systemctl restart sshd.service

    Using this you disabled ssh based direct root login but what if someone gets access to the GUI console, which can be iLO for a physical blade and a GUI console for VMware via vnc or some other tool?
    The above changes will not restrict a direct root login via console as that is not ssh


    Disable direct root login via console

    To achieve this clear the contents of "/etc/securetty"
    By default this file contains the content of all the terminals on which a direct root login would be allowed

    # cat /dev/null > /etc/securetty

    Now you can try to do a root login via console, and it should fail

    I hope the article was useful.

    Deepak Prasad

    Deepak Prasad is a techie and an author who is still trying to survive in this IT generation with very little knowledge he has on Linux/Unix, VMware, SAN Storage, Automation, networking etc

    You can follow him on Facebook or Google+

    Do you also have something to share here?

    Become an author and be a part of our GoLinuxHub Team, Click here for more information
    How to disable or restrict direct root login via console or ssh How to disable or restrict direct root login via console or ssh Reviewed by Deepak Prasad on Sunday, May 06, 2018 Rating: 5

    No comments:

    Powered by Blogger.