LinuxQuestions.org


rshooper 11-18-2004 11:13 AM

Prevent Root access with SSH
 
I have heard that you can prevent the root user from gaining access to the system using ssh. How do you do this? Also, if you do this is there a way to add users without logging on as root?

Hangdog42 11-18-2004 11:37 AM

You need to edit your sshd config file. There is an AllowRootLogin directive that you just set to no, save the file and then restart sshd.

As for adding users, there are a couple of ways to do this. First is to log into the system as a normal user, and then use su - to become root. The second way would be to use sudo, which allows normal users to run specific commands with root privileges. Check out the sudo man pages for how to add commands.

JaseP 11-18-2004 12:13 PM

Correct me if I'm wrong, but even if you can't ssh as root, you could still ssh as the user and sudo to run with root authority,... right??? In that capacity that person could still nerf your system...

bignerd 11-18-2004 12:20 PM

Quote:

Originally posted by JaseP
Correct me if I'm wrong, but even if you can't ssh as root, you could still ssh as the user and sudo to run with root authority,... right??? In that capacity that person could still nerf your system...
Most distros support the wheel group. If you enable this on your Linux box then even if the user knows the root password they can't su to it unless in the wheel group.

-b

Hangdog42 11-18-2004 01:05 PM

Quote:

Originally posted by JaseP
Correct me if I'm wrong, but even if you can't ssh as root, you could still ssh as the user and sudo to run with root authority,... right??? In that capacity that person could still nerf your system...
Wrong. The only commands a user can use with sudo are those that root allows them to. The way sudo works is that the user enters sudo command at the prompt. Sudo then looks in the sudoers file to see if that user has permission to use that command. If they can, then they are prompted for their password (or not, depending on how you set it up) and the command runs. However, if they do NOT have permission to run that command (i.e., it isn't in the sudoers file), then the command doesn't run. So in your case, a user could have the ability to add a user through sudo, but couldn't do anything else with root privileges.

Sudo is actually a pretty elegant way to give a user exactly the amount of root authority they need to get the job done and no more.
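
Added example, not part of any post in this thread: a shell check that the sshd config change discussed above actually took effect in the file. It uses `PermitRootLogin`, the keyword sshd_config uses for root login, and reports both the global value and any `Match` block that relaxes it; the function names and the sample file are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads one sshd_config-style file and
# prints "<global PermitRootLogin value> <count of Match-scoped non-no values>".
# sshd keeps the first value it reads for a keyword and treats keywords
# case-insensitively; lines after a Match line apply only conditionally.
# Assumption: a single file, Include directives are not followed.
root_login_report() {
    awk '
        { sub(/#.*/, ""); sub(/^[ \t]+/, "") }      # drop comments and indent
        $0 == "" { next }
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)          # accept "Key=value"
            split(line, f, /[ \t]+/)
            key = tolower(f[1]); val = tolower(f[2])
        }
        key == "match" { in_match = 1; next }
        key != "permitrootlogin" { next }
        in_match { if (val != "no") overrides++; next }
        gval == "" { gval = val }                    # first global value wins
        END { if (gval == "") gval = "unset"; print gval, overrides + 0 }
    ' "$1"
}

# Succeeds only when root login is "no" globally and no Match block relaxes it.
root_login_disabled() {
    [ "$(root_login_report "$1")" = "no 0" ]
}

# Constructed sample input (not from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#PermitRootLogin yes
permitrootlogin no
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin yes
EOF
echo "report: $(root_login_report "$sample")"        # report: no 1
if root_login_disabled "$sample"; then
    echo "root SSH login is disabled"
else
    echo "root SSH login is still possible for some connections"
fi
rm -f "$sample"
```

On a live host, `sshd -T` prints the configuration sshd actually resolved, which is the authoritative check after restarting the daemon.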

