Unless it's absolutely needed for whatever reason (and even then only on systems within a protected LAN), it's generally best to disable root ssh access in sshd. I certainly wouldn't enable root ssh access on a server with a public IP.
Think of it this way - if root ssh access is not allowed, then for an attacker to brute-force their way into root control of your system, they would need to solve three unknowns: 1) a valid user name on your system, 2) the password for that user, and then once they were on, 3) the root password. If root ssh access is allowed, then all an attacker needs to brute-force is the root password, which unless it's painfully complex, wouldn't be all that difficult if the system didn't have any denyhosts type auto-ban daemon running.
Last edited by suicidaleggroll; 09-23-2014 at 05:01 PM.
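Added example, not part of the posts in this thread: a shell function that reports which `PermitRootLogin` value sshd would take from the global section of an sshd_config file. The function name and the sample input are made up here; it assumes whitespace-separated keywords and does not follow `Include` lines.

```shell
# Added example: report the PermitRootLogin value in the global section of an
# sshd_config file. sshd keeps the first value it reads for a keyword, so a
# later line does not override an earlier one.
# Assumptions: whitespace-separated "Keyword value" lines, Include not followed.
effective_root_login() {
    # $1: path to the config file (reads stdin when omitted)
    awk '
        NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
        tolower($1) == "match" { exit }      # Match blocks are conditional; stop at the first
        tolower($1) == "permitrootlogin" {
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "unset" }    # no explicit setting: sshd built-in default applies
    ' "${1:--}"
}

# Constructed sample: "yes" is read first, so the later "no" has no effect.
printf 'Port 22\nPermitRootLogin yes\nPermitRootLogin no\n' | effective_root_login
```

On a live host, `sshd -T` run as root prints the configuration sshd actually uses and is the authoritative check.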
As a relative newbie to Debian, I'm wondering if it's secure to connect as Root, via ssh?
Best Regards,
Michael
It is secure as in "ssh is an acronym for Secure SHell", but it is not good practice.
In general, you want to disable root logins via ssh because they are a direct path to compromised systems. If disabled, an intruder must first crack the non-root user access, then still crack root access.
I agree with suicidaleggroll. Disable root login via ssh. If the admin(s) have to log in as themselves, then SU to root; you get a log of what has taken place in /var/log/secure (on Red Hat & similar distros). This at least provides you the ability to track down who changed what and when.
To give you an idea of why it's a bad idea, here's a little excerpt from my /var/log/secure from this morning:
Code:
Sep 23 06:43:03 chef sshd[16837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.52.3 user=root
Sep 23 06:43:05 chef sshd[16837]: Failed password for root from 222.186.52.3 port 1282 ssh2
Sep 23 06:43:05 chef sshd[16838]: Connection closed by 222.186.52.3
Sep 23 06:43:36 chef sshd[16840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.52.3 user=root
Sep 23 06:43:38 chef sshd[16840]: Failed password for root from 222.186.52.3 port 2263 ssh2
Sep 23 06:43:40 chef sshd[16841]: Connection closed by 222.186.52.3
Sep 23 06:43:59 chef sshd[16843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.52.3 user=root
Sep 23 06:44:01 chef sshd[16843]: Failed password for root from 222.186.52.3 port 4133 ssh2
Sep 23 06:44:02 chef sshd[16844]: Connection closed by 222.186.52.3
Sep 23 06:44:04 chef sshd[16845]: refused connect from 222.186.52.3 (222.186.52.3)
Sep 23 06:44:13 chef sshd[16847]: refused connect from 222.186.52.3 (222.186.52.3)
Sep 23 06:44:20 chef sshd[16848]: refused connect from 222.186.52.3 (222.186.52.3)
Sep 23 06:44:26 chef sshd[16849]: refused connect from 222.186.52.3 (222.186.52.3)
This script kiddie had three tries, after that denyhosts kicked in and added their IP to hosts.deny, which means they are forever banned from my system. Of course I have root ssh disabled, but if I hadn't, and if I didn't have denyhosts or some other auto-ban system running, this person could just sit there and hammer my server until they managed to crack the root password. Maybe they would never crack it, maybe they would, but it's not a gamble I'm willing to take.
This server just had a new OS installed a hair over a month ago (Aug 16), and denyhosts has already thrown 230 IPs in the ban list for too many failed SSH attempts. The above excerpt is just the most recent one.
Last edited by suicidaleggroll; 09-23-2014 at 05:18 PM.
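Added example, not part of the posts in this thread: a shell function that counts failed root password attempts per source address in sshd log lines like the excerpt above and lists the addresses at or over a threshold. The function names, the default threshold of 3 and the sample log (documentation addresses) are constructed for illustration; this is not how denyhosts itself is implemented.

```shell
# Added example: list source IPs with at least N failed root password attempts.
# Fields are matched by position, so a username made to look like log text
# (the "invalid user" line in the sample) is not counted against another IP.
root_bruteforce_sources() {
    # $1: minimum failures to report (assumed default: 3); log text on stdin
    awk -v min="${1:-3}" '
        # Expected shape:
        # Mon DD HH:MM:SS host sshd[pid]: Failed password for root from IP port N ssh2
        NF == 14 && $5 ~ /^sshd\[[0-9]+\]:$/ &&
        $6 == "Failed" && $7 == "password" && $8 == "for" &&
        $9 == "root" && $10 == "from" && $12 == "port" {
            fails[$11]++
        }
        END {
            for (ip in fails)
                if (fails[ip] >= min) print fails[ip], ip
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample log; addresses are from the documentation ranges.
sample_log() {
    cat <<'EOF'
Sep 23 06:43:05 host sshd[101]: Failed password for root from 192.0.2.10 port 1282 ssh2
Sep 23 06:43:38 host sshd[102]: Failed password for root from 192.0.2.10 port 2263 ssh2
Sep 23 06:44:01 host sshd[103]: Failed password for root from 192.0.2.10 port 4133 ssh2
Sep 23 06:45:10 host sshd[104]: Failed password for root from 198.51.100.7 port 5050 ssh2
Sep 23 06:45:30 host sshd[105]: Failed password for invalid user root from 203.0.113.9 from 198.51.100.7 port 5051 ssh2
Sep 23 06:46:00 host sshd[106]: Accepted password for alice from 198.51.100.20 port 6000 ssh2
EOF
}

# Report sources with three or more failed root logins in the sample.
sample_log | root_bruteforce_sources 3
```

On Red Hat style systems the input would be /var/log/secure, the file named in the thread, for example `root_bruteforce_sources 3 < /var/log/secure`.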