HowTos | Basics | Concepts

3. Restart the sshd service:

# service sshd restart

Enabling root login

To enable the root login back again, follow the exact reverse process.

1. Edit the /etc/ssh/sshd_config

file with a text editor and find the following line:

#PermitRootLogin no

2. Change the no to yes and or simply put ‘#’ at the beginning of the line so that it reads :

#PermitRootLogin yes

3. Restart the sshd service:

# service sshd restart

Disabling direct root login for non-root users

Sometimes allowing all users the ability to remotely log onto a system can be a security risk. There are many ways to limit who can remotely access a system. You can use PAM, IPwrapers, or IPtables to name a few. However, one of the easiest ways to limit who can access a system via SSH is to configure the SSH daemon.

The directive, AllowUsers, can be configured in /etc/ssh/sshd_config

. This directive can be followed by the list of user name patterns, separated by spaces. If specified, login is allowed only for those user names.

AllowUsers [username]

Where [username] is the username you want to allow.

For example, to allow ssh login to users john and teena and disable for it for rest of the users, modify the AllowUsers directive as :

AllowUsers john teena

Restart the sshd service for the changes to take effect :

# service sshd restart

Allow / disallow groups ssh login

To restrict groups, the option AllowGroups and DenyGroups are used in the file /etc/ssh/sshd_config

. The said options will allow or disallow users whose primary group or supplementary group matches one of the group patterns.

CentOS / RHEL 6 : How to Disable / Enable direct root login via telnet
SHARE THIS
FacebookTwitterGoogle+BufferPin ItEmail