Brute Force Login Attempts are as common as ever. Even if you have a strong root password, it is a matter of time for it to be cracked using a dictionary attack. Hence the need to prevent direct ssh logins for common accounts like root or admin.
Generally, it’s safe to use a hidden “su” user first, then login to root or other accounts once connected. Disable any well known accounts (root, admin, etc) that don’t need direct access by editing the /etc/ssh/sshd_config and removing or commenting out the section with the code.
Always test changes before logging out else you may lock yourself out from the box.
Here how you can do it on a generic Linux system is three simple steps:
- Add the user. I’ve chosen the user editor. You can pick some other name.
[root@mycomputer ~]# adduser editor
[root@mycomputer ~]# id editor
[root@mycomputer ~]# uid=1007(editor) gid=1008(editor) groups=1008(editor)
[root@mycomputer ~]# whoami
[root@mycomputer ~]# editor
- Set the password for the new user. Enter and confirm the new password at the command prompt.[root@mycomputer ~]# passwd editor
Changing password for user editor.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
- In order to give sudo permissions of the new user editor you have to edit the file /etc/sudoers, remove the comment # in front of the statement
%wheel ALL=(ALL) ALL
where you will give su permissions to the group wheel. Add the user to the wheel group.
usermod -aG wheel editor.
At least this is the approach recommended from by RedHat
Another way of doing this is by giving su permissions to the user editor. Once again this is done by adding a line in /etc/sudoers
editor ALL=(ALL) ALL
- Now ssh to the server with the new user. Make sure everything is okay and the user has all the rights you need.
[root@mycomputer ~]# ssh editor@myserver
- Check if you can su (switch user) to root from the user admin
[admin@admin ~]$ sudo su
[root@editor ~]# whoami
[root@editor ~]# root
- After you are completely sure the new user editor works as expected, you can disable root access via ssh. Edit the file
[root@editor ~]$ nano /etc/ssh/sshd_config
and either set
or remove/ comment out the line
- The last step is to restart the sshd service.
for RedHat Centos Fedora
[root@editor ~]# service sshd restart
for Ubuntu Debian
[root@editor ~]# service ssh restart