Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
By default, isn't SSH set up to not allow root to log in via SSH? I thought I heard that somewhere. Then I was reading an article that says in /etc/ssh/sshd_config to change "PermitRootLogin" from yes to no. I looked through that file and did not find a "PermitRootLogin" line. Can someone fill me in?
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Just create a line that looks exactly like this:
Then kill sshd and restart it (or kill it with the -HUP signal). Also, you'll want to confirm that your OS is actually using the default config file in /etc/ssh instead of one stuck somewhere else (examine your init scripts to make sure it's not using the -f flag to override the default config file).
I think some distros independently changed their shipping config files to disable root login by default, but the source distribution from OpenSSH.org has it enabled by default. The reason for this is so you can still login to a remote server after upgrading it (unexpectedly being locked out after an upgrade would be messy).
Best practices say that you should always disable remote root login and use some other method, such as sudo (once authenticated with a normal user).