You are not logged in.

Pages: 1

#1 2009-03-18 13:45:37

nefty
Member
Registered: 2008-06-01
Posts: 6
Website

Disable root account

I was planning on setting up a server and forwarding a port for ssh, so I want to make sure it's secure. I recently read about attacks where people would try to find ssh ports open to the internet, then brute-force for root passwords.  There were some complex methods for protecting against this, like keys or convoluted port-knocking schemes, but I thought it would be easier to just disable login to the root account.  I edited my /etc/passwd to change /bin/bash to /sbin/nologin for root.  I just use sudo from my main user account for everything.

The only problem I can see with this is if my groups or user gets screwed up somehow, but I figured I could always boot from a usb drive or something and straighten things out from there.  Any more experienced users care to let me know if this is a good idea?

Edit:  Apparently there is an article in the wiki about just this.
http://wiki.archlinux.org/index.php/Dis … o_password
Sorry for posting before searching, I saw that article once before though and thought it was about letting you log into root without a password.  Silly me...
Anyway, I guess I'm doing it wrong.  Should I change /etc/passwd back and just follow the wiki?

Last edited by nefty (2009-03-18 14:13:12)

Offline

#2 2009-03-18 14:20:30

initbox
Member
Registered: 2008-09-27
Posts: 172

Re: Disable root account

Well you could just change it back.

Anyway, making ssh pretty secure is easy. You can disallow root-logins from the sshd config file and only allow specified users to login.

Changing SSH to a non-standard port cuts down the amount of bruteforcers to zero (atleast, that's my experience.) Using keys is a slight inconvenience but it will make ssh'ing really secure.

Offline

#3 2009-03-18 14:38:12

Hrod beraht
Member
Registered: 2008-09-30
Posts: 186

Re: Disable root account

/etc/ssh/sshd_config: PermitRootLogin no

I would say this is better than disabling root altogether as that means someone only has to figure out one login and password to get root access via sudo. With a regular user and root with no ssh login, the hacker would need to figure out the user ID and password to ssh in, and then also figure out the root password.

nefty wrote:

There were some complex methods for protecting against this, like keys...

That's the best method, and not nearly as complex as it seems. Check out the using SSH keys wiki article.

Bob

Offline

Pages: 1

Board footer

Powered by FluxBB