Disable SSH Root Login For Improved Security

Показать описание

This is a just a quick video on how to disable root login via SSH. Why disable the ability for to login via root? Because most attackers are going to try to get in as root.

REFERENCED:

WANT TO SUPPORT THE CHANNEL?

SOCIAL PLATFORMS:
💬 IRC: irc://freenode #distrotube

DT ON THE WEB:

FREE AND OPEN SOURCE SOFTWARE THAT I USE:

Your support is very much appreciated. Thanks, guys!

Рекомендации по теме

Комментарии

Hey distrohuggers.

Congratulations to the Rawhide Xfce team. Their huge update today works great. 1268 packages, with all the major components getting updates. However. My boot up time is about 3 minutes. Just a black screen. Kind of scary. But once in my Xfce session, things are butter-smooth with Mesa 20.0.0-rc2, and kernel 5.6.0-rc1, and systemd 245-rc1, etc. Wow ! I doubt any other distros have all that today. I doubt many of you have ever used Xfce on Rawhide. It is about as vanilla Xfce as you are going to find. But you get updates on almost a weekly basis of things, that generally do not get pushed in other distros until a new fixed version comes out. Anyways, in early May the upcoming release of Fedora Version 32 ( Xfce spin ), will be almost identical to this set-up on my box, with the main difference being, things that are not rc-versions will be stable and tested by dozens if not hundreds of Fedorans. Once version 32 is out in the wild for a while, things are going to get tweaked and it will be an awesome distro ( if you like the Fedora way of doing things, that is ). I will say this from experience. The Xfce spin of Fedora is like a totally different distro from their Workstation ( Gnome 3.34 ) version. The Xfce version requires more knowledge of Linux and the Fedora way of doing things. Most Linux users may not like that. Microsoft-transients would not have a clue what I am talking about, nor why.

CrustyAbsconder

Great tip Derek, way to go for hardening the SSH daemon a bit. But why are people insisting on using :wq <enter> when hitting ZZ saves and quits vim in one sweep (you don't even need to hit enter!) and takes less than a split second?

tc

Great video as always it was very informative. 👍 As a Linux newbie I thank you.

baskinlive

Disabling SSH for root on a server is advisable if you have access to the server itself, but I'm not so certain if you're renting the server - as most would be.

AlucardNoir

3:06 what's this key "dubya"? I don't think I have it in my keyboard

Gabriel-mfwh

Man, you really looks like "slavic", lol

yakimura

On my desktop Arch, the value of allowrootlogin is 'prohibit-password'. I googled it and it says that option will not allow any root login with password. So in that case, do I need to change it to 'no'?

midhunrajr

Disable networking for even better security

FinaISpartan

What if the hackers watched this video?

TheShakeship

After many days (and nights), I finished my arch installation (in which I had grub installed). I had everything (including eye-candy) set up. Today, grub failed. It turned out there was a filesystem error. After fsck, there was nothing left. I just wanted to share my pain 😞.

minepro

Does not work because I can't scroll or page down in Xfce terminal!?

johanb.

>allowing SSH port to be open to the public and not running your own VPN

jarilo

You should probably disable sshd on your desktop machine: sudo systemctl disable sshd
Once disabled, you can temporarily start sshd when needed: sudo systemctl start sshd

Disabling sshd won't prevent you from using ssh to connect to other machines, so there is no downside to disabling sshd. You should only run sshd when you want to connect to your desktop from another machine.

elcugo

I use zerotier sd-wan (vpn) on my server and laptop. I set up to only allow connect from vpn subnet.

bhsecurity

* The default for the sshd_config(5) PermitRootLogin option has
changed from "yes" to "prohibit-password".

* now bans all
interactive authentication methods, allowing only public-key,
hostbased and GSSAPI authentication (previously it permitted
keyboard-interactive and password-less authentication if those
were enabled).

jadowityherbatnik

My Linux Mint system says: "Prohibit-Password"

Khyree_Holmes

Its default off without having that line on Gentoo, but thanks my arch laptop where wrongly configured. Tested with commenting out the line, and now its not allowed. If I did use ssh on external IP I would use a certificate login, next video ? :p jk

syrefaen

By default on Arch sshd_config have PermitRootLogin set to prohibit-password

fire

Better option is too not have ssh open to the Internet.

izzy

Disable SSH Root Login For Improved Security

Disable SSH Root Login For Improved Security

How to Enable and Disable Root Login via SSH on Ubuntu

How to disable ssh login for root user and disable password based authentication in Linux

How (and Why) to Disable Root Login Over SSH

SSH - Disable root login in Linux OpenSSH server

How To Disable or Enable SSH Root Login and Limit SSH Access in Linux

SSH disable root login - Redhat / CentOS

How to Enable/Disable SSH Root Login in Debian 10 | Easy IT

Default User SSH Authorized Key Risks on Linux

How to Enable root login over SSH

Disable root login in ssh

How to Disable root Login in Linux SSH Server

Disable Root SSH Login On Raspberry Pi

Ubuntu Allow Root Login Directly via SSH - Ubuntu 20.04 LTS

Disable root access in Linux (local and SSH)

How To Disable Root Login In SSH

disable ssh login for root user CentOS 7

066 ssh disable root login

How To Protect Your Linux Server From Hackers!

Why disable ssh for root user? (2 Solutions!!)

How To Enable Root SSH Login On Linux

Enable Root Login via SSH Server permission denied for root

Secure SSH server, Change SSH Port and Disable root Login | CentOS 8 Server Setup Part #4

How To Setup Sudo And Disable Root SSH Login - Granting Sudo To a User And Disabling Root SSH Access