A blog for Linux Lovers.

Posted by sibu on March 10, 2009

How to disable direct root login

Following steps will show you how to disable direct root login. If you are using cPanel server make sure you add your admin user to the .wheel. group so that you will be able to .su -. to root, otherwise you may lock yourself out of root.

1. SSH into your server as .admin. and gain root access by su

2. Copy and paste this line to edit the file for SSH logins
vi /etc/ssh/sshd_config

3. Find the line
Protocol 2, 1

4. Uncomment it and change it to look like
Protocol 2

5. Next, find the line
PermitRootLogin yes

6. Uncomment it and make it look like PermitRootLogin no

7. Save the file

8. Now you can restart SSH
/etc/rc.d/init.d/sshd restart

Now, no one will be able to login to root with out first loggin in as admin and .su -. to root, and you will be forcing the use of a more secure protocol. Just make sure you remember both passwords!

Add A Comment