Disable Direct root access

Disable Direct root access in Linux Server
Disabling direct root access provides two levels of security. The login needs to be performed as a normal ssh user first and then switch to root user.  This necessitates two valid logins and passwords. Also  only privileged users are permitted to switch to root, that too provides another level of security.

To disable direct root login,  modify the  configuration file and disable the corresponding directive to look like the following one

PermitRootLogin no

SSH user creation

Existence of an SSH user who can switch to root is essential when direct root access is disabled. The process is simple, you simply need to create a normal ssh user and then add the user to wheel group .  For eg. I have created the user as “admin” and  below is the commands I used to complete the process

adduser admin
passwd admin
usermod -g wheel username

Changing the group can be done either  through WHM or by editting the /etc/group file.  Confirm the process by performing the following test

#grep wheel /etc/group


It confirms that the ssh user “admin” is a member of wheel group. Since all wheel group users are privileged to switch to superuser,  he can switch to the root account.

Restart the sshd service and once it is done. Try to login to the server as root and it should fail.



There are no revisions for this post.

Tags: , ,

No comments yet.

Leave a Reply