CREATING A NORMAL USER ACCOUNT
Before you disable SSH logins for the root account, you must create a normal user account. (Otherwise, you will be unable to access your server when you disable the root account for SSH logins.)
CentOS and Fedora
To create a user and grant it administrative privileges on a server running CentOS or Fedora, follow these steps:
- Log in to the server using SSH.
- At the command prompt, type the following command. Replace username with the name of the user that you want to add:
useradd username
- Type the following command, replacing username with the name of the user that you created in step 2:
passwd username
usermod -aG wheel username
- To grant administrative privileges to the user, type the following command:
visudo
This command opens the sudoers file for editing. - Add the following line to the file. Replace username with the name of the user that you created in step 2:
username ALL=(ALL) ALL
Now the user can run commands as the root user by prefixing the command with sudo. For example, the user can view the root home directory by typing the command sudo ls /root. ## Allow root to run any commands anywhere username ALL=(ALL) ALL root ALL=(ALL) ALL # Allow members of group sudo to execute any command %wheel ALL=(ALL) ALL
By default, the user can now run any command as the root user. For security reasons, however, you may want to restrict which commands the user can run as root by using the visudo command. Alternatively, you can use the su command to change to the root user account from any account (assuming you know the root password).
DISABLING SSH LOGIN FOR ROOT
After you create a normal user, you can disable SSH logins for the root account. To do this, follow these steps:
- Log in to the server as root using SSH.
- Open the /etc/ssh/sshd_config file in your preferred text editor (nano, vi, etc.).
- Locate the following line:
PermitRootLogin yes
- Modify the line as follows:
PermitRootLogin no
- Add the following line. Replace username with the name of the user you created in the previous procedure:
AllowUsers username
This step is crucial. If you do not add the user to the list of allowed SSH users, you will be unable to log in to your server! - Save the changes to the /etc/ssh/sshd_config file, and then exit the text editor.
- Restart the SSH service using the appropriate command for your Linux distribution:
- For CentOS and Fedora, type:
service sshd restart
- For CentOS and Fedora, type:
0 Comments