{"id":118,"date":"2021-11-02T12:00:26","date_gmt":"2021-11-02T12:00:26","guid":{"rendered":"https:\/\/bestdedicatedhosting.in\/blog\/?p=118"},"modified":"2021-11-02T13:06:38","modified_gmt":"2021-11-02T13:06:38","slug":"how-to-disable-direct-root-access-in-linux","status":"publish","type":"post","link":"https:\/\/bestdedicatedhosting.in\/blog\/how-to-disable-direct-root-access-in-linux\/","title":{"rendered":"How to disable direct root access in Linux"},"content":{"rendered":"\n<p><strong>Description<\/strong><\/p>\n\n\n\n<p>It is very important to secure your Linux server to protect your data, intellectual property, and time from the hands of crackers (hackers). <\/p>\n\n\n\n<p>Everybody says that Linux server is secure by default and to some extent this is true. Linux has in-built security model by default. <\/p>\n\n\n\n<p>We need to tune it up and customize as per our need which may help to make the system more secure. <\/p>\n\n\n\n<p>Linux is harder to manage, but it offers more flexibility and configuration options. <\/p>\n\n\n\n<p>Securing a server from the hands of hackers and crackers is a challenging task for a System Administrator.<\/p>\n\n\n\n<p>The most important steps to secure your server is to disable the direct root login and create a dedicated SSH user.<\/p>\n\n\n\n<p>Enabling direct root login may help the hackers to login your server very easily. &nbsp;<\/p>\n\n\n\n<p>Never login as root user for that reason. <\/p>\n\n\n\n<p>You should use sudo to execute root level commands. By using sudo we can greatly enhance the security of the system without sharing root password with other users and admins. <\/p>\n\n\n\n<p>It provides simple auditing and tracking features too.<\/p>\n\n\n\n<p>Here we can discuss about how to disable direct root login and how to create a dedicated SSH user.<\/p>\n\n\n\n<p><strong>Disable direct root login<\/strong><\/p>\n\n\n\n<p>Please note that you do not log out from your system after disabling the direct root login. <\/p>\n\n\n\n<p>Follow the steps until you create a dedicated SSH user and then you can log out. Otherwise you will not be able to login to your system again. Please be careful about this.<\/p>\n\n\n\n<p>Root user is the one who has the ability to do anything in your system. Imagine if someone got access to your root user account?! Let\u2019s disable direct root login by using the below steps.<\/p>\n\n\n\n<p>Edit the SSH main configuration page<\/p>\n\n\n\n<p><code>vi \/etc\/ssh\/sshd_config<\/code><\/p>\n\n\n\n<p>There you can find the below line.<\/p>\n\n\n\n<p><code>#PermitRootLogin yes<\/code><\/p>\n\n\n\n<p>Change it as below.<\/p>\n\n\n\n<p><code>PermitRootLogin no<\/code><\/p>\n\n\n\n<p>Restart SSH service to update the changes<\/p>\n\n\n\n<p><code>systemctl restart sshd.service<\/code><\/p>\n\n\n\n<p>Now you have disabled direct root login. Please follow the below steps to create a dedicated SSH user.<\/p>\n\n\n\n<p><strong>Create dedicated SSH user<\/strong><\/p>\n\n\n\n<p>After disabling the direct root login, you need to create a dedicated SSH user. (Only this user will have SSH login permission in your system.)<\/p>\n\n\n\n<p>We are going to create a dedicated user called \u201ctestuser\u201d Please follow the below steps.<\/p>\n\n\n\n<p>Create the user account.<\/p>\n\n\n\n<p><code>useradd&nbsp;testuser<\/code><\/p>\n\n\n\n<p>Set Password for the user.<\/p>\n\n\n\n<p><code>passwd&nbsp;testuser<\/code><\/p>\n\n\n\n<p>Add this user to \u201c\/etc\/sudoers\u201d file. Simply edit this file or run the below command.<\/p>\n\n\n\n<p><code>visudo<\/code><\/p>\n\n\n\n<p>Here you can find a line as shown below.<\/p>\n\n\n\n<p><code>root&nbsp;&nbsp;&nbsp; ALL=(ALL)&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ALL<\/code><\/p>\n\n\n\n<p>The above line means root user can run any commands anywhere. Add the given below line under this line.<\/p>\n\n\n\n<p><code>testuser&nbsp; ALL=(ALL)&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ALL<\/code><\/p>\n\n\n\n<p>Now save the file.<\/p>\n\n\n\n<p>From now on, the user \u201ctestuser\u201d have the permission to run any commands anywhere. <\/p>\n\n\n\n<p>For this to work you have to add \u201csudo\u201d to the beginning of every command that you execute as user \u201ctestuser\u201d.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>You can also switch this user to root user. For this please run the below command<\/p>\n\n\n\n<p><code>sudo su \u2013<\/code><\/p>\n\n\n\n<p>Now you have disabled direct root login and created a user called \u201ctestuser\u201d with full permission in your system. <\/p>\n\n\n\n<p>This does not mean \u201ctestuser\u201d is a dedicated SSH user. <\/p>\n\n\n\n<p>There maybe other users in your system that have SSH shell access. <\/p>\n\n\n\n<p>Please follow the below steps to block all those users and to set \u201ctestuser\u201d as dedicated SSH user.<\/p>\n\n\n\n<p>Edit the SSH main configuration file.<\/p>\n\n\n\n<p><code>vi \/etc\/ssh\/sshd_config<\/code><\/p>\n\n\n\n<p>Add the below lines.<\/p>\n\n\n\n<p><code>AllowUsers testuser<\/code><\/p>\n\n\n\n<p>Save the file and restart SSH service to update these changes.<\/p>\n\n\n\n<p><code>systemctl restart sshd.service<\/code><\/p>\n\n\n\n<p>Now you have created a dedicated SSH user.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>We hope you\u2019ve found this useful!&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Description It is very important to secure your Linux server to protect your data, intellectual property, and time from the hands of crackers (hackers). Everybody says that Linux server is secure by default and to some extent this is true. Linux has in-built security model by default. We need to tune it up and customize [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_eb_attr":"","footnotes":""},"categories":[4],"tags":[],"class_list":["post-118","post","type-post","status-publish","format-standard","hentry","category-linux"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/bestdedicatedhosting.in\/blog\/wp-json\/wp\/v2\/posts\/118","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bestdedicatedhosting.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bestdedicatedhosting.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bestdedicatedhosting.in\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bestdedicatedhosting.in\/blog\/wp-json\/wp\/v2\/comments?post=118"}],"version-history":[{"count":1,"href":"https:\/\/bestdedicatedhosting.in\/blog\/wp-json\/wp\/v2\/posts\/118\/revisions"}],"predecessor-version":[{"id":119,"href":"https:\/\/bestdedicatedhosting.in\/blog\/wp-json\/wp\/v2\/posts\/118\/revisions\/119"}],"wp:attachment":[{"href":"https:\/\/bestdedicatedhosting.in\/blog\/wp-json\/wp\/v2\/media?parent=118"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bestdedicatedhosting.in\/blog\/wp-json\/wp\/v2\/categories?post=118"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bestdedicatedhosting.in\/blog\/wp-json\/wp\/v2\/tags?post=118"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}