Locking Down SSH User Access
To secure your system, you shouldn’t allow root to log in remotely. Instead, if an admin needs to use the root account they should log in using their own account and then su - or sudo to the root account as needed.
Edit the /etc/ssh/sshd_config file and change the following lines:
PermitRootLogin no
PermitEmptyPasswords no
Some of these properties may be commented out in the file, so all you’d need to do is remove the # sign.
Once these changes are made you should then restart ssh. On my system this is done by:
# /etc/rc.d/rc.sshd restart
After the restart your changes will be in effect. However, root can still log in “from the local terminal”.
You can go a step further and allow only specific users to log in via ssh. For example, if you wanted only user1 and user2 to be able to log in with ssh, you can add a line to the above file:
AllowUsers user1 user2
Everyone except these two users will be denied access via ssh.
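A line left commented out, or a duplicate earlier in the file, is the easy mistake with the edits above, because sshd uses the first uncommented occurrence of each keyword. The script below is an added example, not part of the original post: it reports the effective global values of the three settings, and the function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# sshd uses the FIRST uncommented occurrence of a keyword; keyword names are
# case-insensitive. Match blocks and Include files are not evaluated here.

effective_value() {  # usage: effective_value FILE KEYWORD
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ { next }                     # commented-out line
        /^[ \t]*$/ { next }                     # blank line
        {
            line = $0; sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)           # keyword ends at whitespace or "="
            key = (n ? substr(line, 1, n - 1) : line)
            if (tolower(key) == "match") exit   # global section ends here
            if (tolower(key) == want) {
                val = (n ? substr(line, n) : "")
                sub(/^[ \t]*=?[ \t]*/, "", val)
                sub(/[ \t]+$/, "", val)
                print val; exit
            }
        }' "$1"
}

audit_sshd_config() {  # usage: audit_sshd_config FILE ; returns 0 if all pass
    rc=0
    for kw in PermitRootLogin PermitEmptyPasswords; do
        v=$(effective_value "$1" "$kw")
        if [ "$v" = "no" ]; then echo "OK   $kw no"
        else echo "FAIL $kw is '${v:-unset}'"; rc=1; fi
    done
    v=$(effective_value "$1" AllowUsers)
    if [ -n "$v" ]; then echo "OK   AllowUsers $v"
    else echo "FAIL AllowUsers is not set in the global section"; rc=1; fi
    return $rc
}

# Constructed sample: the "#" was left on the edited line, so the next
# uncommented PermitRootLogin line is the one sshd would use.
make_sample() {
    cat > "$1" <<'EOF'
#PermitRootLogin no
PermitRootLogin yes
PermitRootLogin no
PermitEmptyPasswords no
AllowUsers user1 user2
EOF
}

if [ $# -gt 0 ]; then audit_sshd_config "$1"; fi
```

Run it as sh script.sh /etc/ssh/sshd_config before restarting ssh, and keep your current session open until a new login succeeds.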