LinuxQuestions.org


raghu88 11-27-2013 10:40 PM

SSH configuration
 
Hi,
I'm getting this warning from Root Hunter when I run a check:

Warning: The SSH configuration option 'PermitRootLogin' has not been set.
The default value may be 'yes', to allow root access.

Can anyone explain this to me briefly? I'm new to Linux. If it is set, then what happens? How do I set it?

Thanks.

evo2 11-27-2013 10:45 PM

Hi,

Normally ssh root access should be disabled. If a remote user wants root access they should ssh to the box as a normal user and then su to root. This is a security policy, the reason being that all *nix machines have a root user, so by disabling ssh as root an attacker will need to "guess" both the username and the password.

In short you should probably add the following line to your /etc/ssh/sshd_config
Code:

PermitRootLogin no

HTH,

Evo2.

raghu88 11-27-2013 11:14 PM

I want to make sure once,

If PermitRootLogin is set to no, then a remote user can't log in as the root user, right?

evo2 11-27-2013 11:18 PM

Hi,
Quote:

Originally Posted by raghu88 (Post 5071792)
I want to make sure once,

If PermitRootLogin is set to no, then a remote user can't log in as the root user, right?

Correct - if we are only considering ssh.

Cheers,

Evo2.

haertig 11-27-2013 11:28 PM

Quote:

Originally Posted by raghu88 (Post 5071792)
I want to make sure once,

If PermitRootLogin is set to no, then a remote user can't log in as the root user, right?

Just so you are 100% clear, with this setting a remote user cannot directly log in as root via ssh. However, they can ssh in as a normal user. Then once logged in this way, they can log in to root from the command line (given they know the root password, or have been configured in /etc/sudoers, etc.)

Also, after you put this PermitRootLogin directive in /etc/ssh/sshd_config, you must force the currently running ssh daemon to reload its configuration. On many systems, the following will accomplish that:

Code:

sudo /etc/init.d/ssh reload

"reload" is safer than "restart". If you were ssh'ed into your machine, messed up the sshd_config file by accident, and then issued a "restart" command and ssh failed to restart (because you goobered up its config file), then you could end up locking yourself out.

kooru 11-28-2013 01:23 AM

Hi and welcome to LQ!
In addition, I suggest some reading about ssh configuration that can be useful.

http://www.cyberciti.biz/tips/linux-...practices.html
https://signalboxes.net/misc/hardening-ssh/
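
The check and the reload discussed in this thread, as an added example that is not code from any of the posters: it reports whether PermitRootLogin is set in the global section of an sshd_config file, and reloads only after OpenSSH's test mode (`sshd -t`) accepts the file. The function names and the sample config are constructed for illustration; Include files and `Keyword=value` syntax are not handled.

```shell
#!/bin/sh
# Added example (not from the thread): audit PermitRootLogin, validate before reload.

# Print the first PermitRootLogin value in the global section of config file $1,
# or "unset". sshd keywords are case-insensitive and the first value obtained wins.
permit_root_login() {
    awk '
        $1 ~ /^#/ { next }                      # comment line
        tolower($1) == "match" { exit }         # Match blocks apply conditionally
        tolower($1) == "permitrootlogin" { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 only when direct root login over ssh is explicitly disabled.
audit_root_login() {
    value=$(permit_root_login "$1")
    case "$value" in
        no)    echo "ok: PermitRootLogin no" ;;
        unset) echo "warn: PermitRootLogin not set, built-in default applies"; return 1 ;;
        *)     echo "warn: PermitRootLogin $value"; return 1 ;;
    esac
}

# Hypothetical helper, run as root: reload only if sshd accepts the file.
# The reload command is the one given in the thread.
safe_reload() {
    sshd -t -f "$1" || { echo "sshd rejected $1, not reloading" >&2; return 1; }
    /etc/init.d/ssh reload
}

# Constructed sample config: a commented-out directive, a lower-case keyword,
# a later duplicate that is ignored, and a Match block that is not global.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
Port 22
#PermitRootLogin yes
permitrootlogin no
PermitRootLogin yes
Match User backup
    PermitRootLogin forced-commands-only
EOF
audit_root_login "$sample" || true
```

On a live system, `audit_root_login /etc/ssh/sshd_config` followed by `safe_reload /etc/ssh/sshd_config` keeps a broken file from ever reaching the running daemon.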


All times are GMT -5.