Disallow Root Logins
Disallowing root logins is a good security practice to help protect your CentOS system from unauthorized access. You can disable direct root logins by following these steps:
- Log In: Open a terminal and log in to your CentOS system with a user account that has superuser privileges. If you’ve just created a new user, you can use that account.
- Edit SSH Configuration: CentOS typically uses OpenSSH as the SSH server. To disallow root logins, you need to edit the SSH configuration file. Open the SSH configuration file
/etc/ssh/sshd_configwith a text editor. You can use a command-line text editor like
sudo nano /etc/ssh/sshd_config
If you are using
nano, navigate to the line that reads
PermitRootLogin and modify it.
If you are using
vim, press “i” to enter insert mode and modify the line.
PermitRootLogin: Find the line that says
PermitRootLoginand change its value to
no. It should look like this:
This configuration change will prevent the root user from logging in directly through SSH.
- Save and Exit: If you are using
Ctrl + Oto save the file, then press
Enter, and finally press
Ctrl + Xto exit. If you are using
Esc, then type
Enterto save and exit.
- Restart SSH Service: After modifying the SSH configuration, you need to restart the SSH service for the changes to take effect. Use the following command:
sudo systemctl restart sshd
- Test the Configuration: To ensure that root logins are disabled, open a new terminal and attempt to log in as the root user via SSH. You should receive a message like “Permission denied.” To log in, you will need to use a regular user account and then use
suto gain superuser privileges.
By disabling direct root logins, you enhance the security of your CentOS system because attackers will need to know both a valid username and its associated password to log in via SSH. This is an additional layer of security compared to allowing root logins, which can be more vulnerable to brute-force attacks.