How to Secure your Server by Disabling Root Login Access - Part One

shape
shape
shape
shape
shape
shape
shape
shape
How to Secure your Server by Disabling Root Login Access - Part One

Login in with root user credentials is a simple way of gifting attackers access to your System. With numerous bots trying brute force attacks with random password for root@random_ip address, having root login leaves the bots with only one option of guessing the password. With this guide we shall create a user and give them root access and turn off login using root logins. You can implement firewalls but this bots tend to be smart and have developed ways of going undetected.

Create a User

Command $ adduser username, this command will add a user or group to the system

  #         adduser cassavahub

Adduser will create user with associated directories unlike useradd command, you will be prompted for a password that you will be using to login in.

Add User to Sudoers File

Edit the sudoers file using Visudo command 

#  visudo

the configuration is located at /etc/sudoers

locate this line root    ALL=(ALL:ALL) ALL

and add a line below it as 

                    username ALL=(ALL:ALL) ALL

for our instance 

    cassavahub  ALL=(ALL:ALL) ALL

Sample Configuration

to prevent being asked for a password after Login

cassavahub  ALL=(ALL:ALL) NOPASSWD: ALL

 

You can login using ssh

ssh username@ip_address and you can run sudo privilege where it will prompt you for your password

 

Reject Root Login

Having our new user with root access, we can now disable root login and improve the security of our server. To prevent root login we need to edit ssh config file, which is located at /etc/ssh/sshd_config

# vim /etc/ssh/sshd_config

Locate this line PermitRootLogin yes

and edit from yes to no   and restart ssh using 

systemctl reload sshd

Your server is one step more secure, Check regularly on Part Two Article on Server Security at Cassavahub

 

 

 

 

 

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *