Why are we advised to not log into SSH as Root [duplicate]
Possible Duplicate:
Why shouldn't root be allowed to login via ssh?
Hi, Why is it safer to not log in as root via SSH? Since the login is SSH protected the root password is not in plain text over the web. Also once you're in you have to SU into root to carry out certain tasks so the root password is still exposed. I suspect I'm missing the point but when I search this I just find the advice but no convincing reasons.
Any advice gratefully received.
Thanks C
Solution 1:
Two points:
1.) Because Root is always there, and the gain would be so high, it is probable an eventual brute force attack would take place against root. For other users, the username would have to be guessed first. And then the users would have to have permissions. Making the brute force just not worth the effort.
2.) No one should log in as root, and you should only use sudo to do privileged commands. Therefore, there is no reason to log in as root at all.
==> probable gain, no loss in disabling root on ssh.
Solution 2:
There's also the aspect of logging. When you su or sudo, it'll log your username, whereas if you log ssh in as root, just your ip-address will be logged. While you usually will be able to correlate an ip address with a certain user, it's still a lot more telling just having the username logged.
Solution 3:
What posipiet said, plus: it means two sets of trusted information are needed to get root access, not just one; the root password on its own becomes useless, and can only be leveraged alongside a regular user account (and if access to su is restricted, only alongside a trusted user account).
Solution 4:
Well, everyone knows that 'root' (the username) is the admin of your box, so by denying 'root' remote access to ssh into your box you are making it just a wee bit harder for the hackers to get into your box, since now they will have to guess a username on your box.
As root, vi /etc/ssh/sshd_config
In there find (or create) a line that reads
    #Authentication:
    #LoginGraceTime 120
    PermitRootLogin no
    #StrictModes yes
The line PermitRootLogin no is the important one. Note there is no # in front of it.
Once you have made those changes, save the file (esc then :wq).
Restart sshd (service sshd restart).
With this line root cannot ssh into the box. To become root, ssh in as a normal user then use su - to become root once logged in.
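A check for the edit described in Solution 4, added here as an example and not part of any of the answers: it reports which PermitRootLogin value a config file actually yields, since a commented-out line is inactive and sshd uses the first value it obtains for a keyword. The function name and the three sample configs are constructed for illustration; Include files are not followed and Match blocks are ignored.

```shell
#!/bin/sh
# Added example (not from the original answers): report the PermitRootLogin
# value the global section of an sshd_config-style file yields.
# Assumptions: Include files are not followed; scanning stops at the first
# Match line, where conditional settings begin.

effective_permit_root_login() {
    # $1: path to an sshd_config-style file
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }                 # drop leading whitespace
        /^#/ || /^$/ { next }                  # commented-out lines are inactive
        tolower($1) == "match" { exit }        # global section ends here
        tolower($1) == "permitrootlogin" {     # keywords are case-insensitive
            print tolower($2); found = 1; exit # first obtained value wins
        }
        END { if (!found) print "unset" }      # the built-in default applies
    ' "$1"
}

audit_demo() {
    dir=$(mktemp -d)
    # Constructed sample 1: the directive still has a # in front of it.
    printf '%s\n' '#LoginGraceTime 120' '#PermitRootLogin no' \
        > "$dir/commented"
    # Constructed sample 2: "no" was added at the end, but an earlier
    # "yes" is read first and takes effect.
    printf '%s\n' 'PermitRootLogin yes' '#StrictModes yes' \
        'PermitRootLogin no' > "$dir/shadowed"
    # Constructed sample 3: the layout shown in the answer.
    printf '%s\n' '#LoginGraceTime 120' 'PermitRootLogin no' \
        '#StrictModes yes' > "$dir/hardened"
    for f in commented shadowed hardened; do
        echo "$f: $(effective_permit_root_login "$dir/$f")"
    done
    rm -rf "$dir"
}

audit_demo
```

On a live host, `sshd -T` prints the effective configuration with Includes and defaults applied, so its `permitrootlogin` line is the authoritative check after restarting sshd.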