- Change the default SSH port (22)
- Use a strong password
- Use SSH key authentication instead of password authentication
- Use The Latest Software Versions
- Monitor Your VPS Server Logs
- Set up email notifications for any warnings and errors
- Set Up Your Firewall
- Make Sure Your Server Is Malware-protected
- Protect Against Brute-force Attacks
- Use SSL Certificates For Everything
How to restrict direct root access | Linux | CentOS
We can do it in just two steps.
Step One:
First, we will create a new user with root (sudo) privileges, as follows (for example, newroot).
- Log in as root using SSH.
- Create a new user, e.g. newroot, and add the user to the wheel group
useradd -G wheel newroot
- Set a password for newroot
passwd newroot
- You will be prompted to enter a password. Use letters and numbers only.
Save the newroot username and password somewhere safe.
- Su to newroot
su - newroot
- Test the sudo permission (the result should be root)
sudo whoami
- Enter the password of newroot and it will show the result “root”.
- Open the sshd config file and check whether “newroot” is listed in AllowUsers. If not, add the user manually (usually at the end of the file).
vi /etc/ssh/sshd_config
- If vi shows [Permission Denied!], quit with :q and open the file again with sudo.
sudo vi /etc/ssh/sshd_config
AllowUsers newroot
- Restart sshd.service
sudo systemctl restart sshd.service
Step Two:
Now we are going to disable direct login for the root user. Before doing this, you have to log out from “root” and then log in with “newroot”.
Only disable “root” login if you can successfully log in with “newroot”.
- After successfully logging in with “newroot”, su to “root” using the root password.
su - root
- Then open sshd_config.
vi /etc/ssh/sshd_config
- Search for PermitRootLogin and change “yes” to “no” as follows.
PermitRootLogin no
- Restart sshd.service to apply the change
sudo systemctl restart sshd.service
- Now log out from “newroot” and try to log in as “root”
- Login as root is now not allowed: access denied.
- So log in with “newroot” and then su to root with the root password
su - root
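A mistake in either sshd_config edit above (AllowUsers or PermitRootLogin) only shows up after the restart, when it may already have locked you out. The script below is an added example, not part of the original article: it checks a config file for both edits before sshd is restarted. The function names and the sample file are made up for illustration, and it assumes plain "Keyword value" lines outside any Match block.

```shell
#!/bin/sh
# Added example: pre-restart check of the sshd_config edits described above.
# Assumptions: whitespace-separated "Keyword value" lines, global section
# only (parsing stops at the first Match block), no wildcard user patterns.

# First global value of KEYWORD. sshd keeps the first value it reads for a
# keyword, and keyword names are case-insensitive.
effective_value() {  # usage: effective_value FILE KEYWORD
    awk -v want="$2" 'BEGIN { want = tolower(want) }
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { print $2; exit }' "$1"
}

# Users named by global AllowUsers lines (repeated lines accumulate), one per
# line, @host part removed. No output means no AllowUsers restriction at all.
allowed_users() {  # usage: allowed_users FILE
    awk 'NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "allowusers" {
            for (i = 2; i <= NF; i++) { sub(/@.*/, "", $i); print $i }
        }' "$1"
}

# Return 0 only if root SSH login is disabled and ADMIN_USER is still allowed
# in; otherwise print the reason and return 1.
check_config() {  # usage: check_config FILE ADMIN_USER
    prl=$(effective_value "$1" PermitRootLogin)
    users=$(allowed_users "$1")
    rc=0
    if [ "$prl" != "no" ]; then
        echo "PermitRootLogin is '${prl:-unset}': root SSH login still possible"
        rc=1
    fi
    if [ -n "$users" ] && ! printf '%s\n' "$users" | grep -qxF -- "$2"; then
        echo "AllowUsers does not list $2: $2 cannot log in after a restart"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: a commented-out default followed by the page's two edits.
sample=$(mktemp)
printf '%s\n' '#PermitRootLogin yes' 'permitRootLogin no' 'AllowUsers newroot' > "$sample"
check_config "$sample" newroot && echo "OK: newroot allowed, root login disabled"
rm -f "$sample"
```

On a real host, running `sshd -t` as root checks the file for syntax errors and `sshd -T` prints the effective configuration; keep the current SSH session open until a second login as newroot has succeeded.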