Disable Root Login Via SSH = Why?
 

OK - so I was told that when my machine has the SSH server (not client) running, it is best practice to disable "permit root login". I did this but I don't really see the point. If someone can login to your machine via SSH as root, SSH is the least of your problems, no? Is they can hack your root password, how is your user password any safer? Sure they can hack bill's password on the server but then "Bill" really can't do anything to destroy the box but they can "su" and then attack if they get the password, no?

Can someone please help me here to understand if this is a safe method or just scare tactics.

You've hit the nail on the head already. It's just an extra step. If they hack bill's password they can only be bill. To su, they also have to hack root's password. If you enable root login via ssh, they now only need one password to completely take over your box.

Now if you do something silly like allow bill total root access through sudo, then they can easily just be root by hacking bill. But really, sudo should be used to setup only those commands that bill really needs to have access to as root.

It's just getting you into the right mindset.

Root should ONLY be used for in-front-of-the-actual-server, critical administration tasks that cannot be performed any other way.

Plus, even if Bob can su to root, they likely will not have the same password so you've just doubled the work of any potential password-guesser.

It's not a MAJOR security problem, it's more good practice and another little blockade in the way of someone getting root.

In some cases, you HAVE to allow root via SSH - dedicated servers in remote locations etc. - but the main point is, if there's no NEED to have root be able to login remotely, then it's safer just to turn off that capability entirely.

In the same way, the firewall on a server will stop any access/attacks on ports you don't want to expose (Samba, NFS etc.) but to also stop any server process running that you DON'T NEED is just an extra line in the defense.

Thanks for the info all!

in addition they would know that the root user exists in the first place. why should anyone out there know your user account is called carlwill or something. unless you have that username blatantly advertised you almost have a conceptual password there too. you will get the same response from the ssh server if a user does not exist, or if a real user has tried to log in with the wrong password. let's say you have 1,000,000 possible usernames, and you have 1,000,000 possible passwords. therefore you have 1,000,000,000,000 username/password combinations. that's one BIG dictionary attack....