LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 09-23-2014, 04:51 PM   #1
mwalshe2000
LQ Newbie
 
Registered: Sep 2014
Distribution: debian
Posts: 2

Rep: Reputation: Disabled
Logging in as Root via ssh


Hi,

as a relative newbie to Debian, I'm wondering if it's secure to connect as Root, via ssh?


Best Regards,

Michael
 
Old 09-23-2014, 04:53 PM   #2
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,459

Rep: Reputation: 2053Reputation: 2053Reputation: 2053Reputation: 2053Reputation: 2053Reputation: 2053Reputation: 2053Reputation: 2053Reputation: 2053Reputation: 2053Reputation: 2053
Unless it's absolutely needed for whatever reason (and even then only on systems within a protected LAN), it's generally best to disable root ssh access in sshd. I certainly wouldn't enable root ssh access on a server with a public IP.

Think of it this way - if root ssh access is not allowed, then for an attacker to brute-force their way into root control of your system, they would need to solve three unknowns: 1) a valid user name on your system, 2) the password for that user, and then once they were on, 3) the root password. If root ssh access is allowed, then all an attacker needs to brute-force is the root password, which unless it's painfully complex, wouldn't be all that difficult if the system didn't have any denyhosts type auto-ban daemon running.

Last edited by suicidaleggroll; 09-23-2014 at 05:01 PM.
 
Old 09-23-2014, 04:56 PM   #3
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=14, FreeBSD_10{.0|.1|.2}
Posts: 4,270
Blog Entries: 1

Rep: Reputation: 2304Reputation: 2304Reputation: 2304Reputation: 2304Reputation: 2304Reputation: 2304Reputation: 2304Reputation: 2304Reputation: 2304Reputation: 2304Reputation: 2304
Quote:
Originally Posted by mwalshe2000 View Post
Hi,

as a relative newbie to Debian, I'm wondering if it's secure to connect as Root, via ssh?


Best Regards,

Michael
It is secure as in "ssh is an acronym for Secure SHell", but it is not good practice.

In general, you want to disable root logins via ssh because they they are a direct path to compromised systems. If disabled, an intruder must first crack the non-root user access, then still crack root access.
 
Old 09-23-2014, 04:57 PM   #4
netnix99
Member
 
Registered: Jun 2011
Distribution: redhat, CentOS, OpenBSD
Posts: 298

Rep: Reputation: 98
I agree with suicidaleggroll. Disable root login via ssh. If the admin(s) have to login as themselves, then SU to root; you get a log of what has taken place in /var/log/secure (on Red Hat & similar distros). This at least provides you the ability to track down who changed what and when.
 
Old 09-23-2014, 05:12 PM   #5
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,459

Rep: Reputation: 2053Reputation: 2053Reputation: 2053Reputation: 2053Reputation: 2053Reputation: 2053Reputation: 2053Reputation: 2053Reputation: 2053Reputation: 2053Reputation: 2053
To give you an idea of why it's a bad idea, here's a little excerpt from my /var/log/secure from this morning:

Code:
Sep 23 06:43:03 chef sshd[16837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.52.3  user=root
Sep 23 06:43:05 chef sshd[16837]: Failed password for root from 222.186.52.3 port 1282 ssh2
Sep 23 06:43:05 chef sshd[16838]: Connection closed by 222.186.52.3
Sep 23 06:43:36 chef sshd[16840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.52.3  user=root
Sep 23 06:43:38 chef sshd[16840]: Failed password for root from 222.186.52.3 port 2263 ssh2
Sep 23 06:43:40 chef sshd[16841]: Connection closed by 222.186.52.3
Sep 23 06:43:59 chef sshd[16843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.52.3  user=root
Sep 23 06:44:01 chef sshd[16843]: Failed password for root from 222.186.52.3 port 4133 ssh2
Sep 23 06:44:02 chef sshd[16844]: Connection closed by 222.186.52.3
Sep 23 06:44:04 chef sshd[16845]: refused connect from 222.186.52.3 (222.186.52.3)
Sep 23 06:44:13 chef sshd[16847]: refused connect from 222.186.52.3 (222.186.52.3)
Sep 23 06:44:20 chef sshd[16848]: refused connect from 222.186.52.3 (222.186.52.3)
Sep 23 06:44:26 chef sshd[16849]: refused connect from 222.186.52.3 (222.186.52.3)
This script kiddie had three tries, after that denyhosts kicked in and added their IP to hosts.deny, which means they are forever banned from my system. Of course I have root ssh disabled, but if I hadn't, and if I didn't have denyhosts or some other auto-ban system running, this person could just sit there and hammer my server until they managed to crack the root password. Maybe they would never crack it, maybe they would, but it's not a gamble I'm willing to take.

This server just had a new OS installed a hair over a month ago (Aug 16), and denyhosts has already thrown 230 IPs in the ban list for too many failed SSH attempts. The above excerpt is just the most recent one.

Last edited by suicidaleggroll; 09-23-2014 at 05:18 PM.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
logging in as root over rsync/ssh for backups Skaperen Linux - Security 5 10-07-2010 10:50 AM
How to prevent root user from logging into ssh linuxjamil Linux - Server 2 10-08-2007 06:10 PM
[SSH] Issue logging in [SSH & Permissions] MD3 Linux - Networking 11 12-10-2006 09:25 AM
logging onto SSH robmainella Linux - Newbie 5 08-26-2003 02:21 PM
using red-carpet without logging out and logging as root. packman Linux - Software 1 12-09-2002 02:55 AM


All times are GMT -5. The time now is 01:52 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration