• About
  • Arts
  • Video / Photos
  • Contact us
Linux Servers cPanel webhosting blog
Basics cPanel tutorials / issue,mysql,php errors etc
Home

How to disable root login and enable key authentication on Dedicated server?

By Gunjan · July 11, 2010

How to disable root login and enable key authentication on Dedicated server?

Refer following steps to disable direct root login.

1. SSH into your server as root user.

2. Open file sshd_config in your favorite editor

pico /etc/ssh/sshd_config

3. Find the line

Protocol 2, 1

4. Uncomment line and change it to look like

Protocol 2

5. Now find the line
PermitRootLogin yes

6. And Uncomment libe and make it look like as
PermitRootLogin no

7. Save the file sshd_config file,

8. Restart SSH service
/etc/rc.d/init.d/sshd restart

Once root login disabled on server generate authentication key by using following steps.

1. Add user for example we will add user support

useradd support

2.Assigne user support in wheel group.

usermod -G wheel support

3. Set correct permission for sudoers files.

chmod 644 /etc/sudoers

4. Now open sudoers file and set followings line in sudoers file.

pico /etc/sudoers

# User privilege specification
root    ALL=(ALL) ALL

# Same thing without a password
%wheel        ALL=(ALL)       NOPASSWD: ALL

5. Make sure that sudo file binery file is secure.

chmod 4111 /usr/bin/sudo

If you are not sure about sudo binery path then run commamd to confirm the path.

which sudo

6.Now create .ssh directory in support users home directory.

cd /home/support

mkdir .ssh

7. Now generate the key by using PuTTYgen software and save the key on your local machine as support.ppk file.

8. Create authorized_keys file in .ssh directory and copy content from file support.ppk to authorized_keys file.

9. Confirm permission and ownership for files.

cd /home

ll | grep support

The ownership shuold be

drwx——    7 support support          4096 Jul 10 03:44 support

cd /home/support

ll | grep .ssh

drwxr-xr-x    2 root   root        4096 Jul 12  3:34 .ssh/

ll .ssh

The ownership shoud be

drwxr-xr-x 2 root    root    4096 Jul 12 03:22 ./
drwx—— 7 support support 4096 Jul 12 03:44 ../
-rw-r–r– 1 root    root    224  Jul 12 03:40 authorized_keys

Note : Do not close current Shell until you are able to access server with the support.ppk key.

delicious | digg | reddit | facebook | technorati | stumbleupon | savetheurl
Category: Basic Linux, Linux Administrator Interview Questions, Server Security, VPS  Tags: /etc/ssh/sshd_config, chmod comamnd, disable root login, enable key authentication, generate the key, mkdir command, ppk file, PuTTYgen software, security on dedicated server, ssh file, ssh Protocol, sshd restart, sudoers file, useradd command, usermod coammnd, which command
You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.
One Response
  1. How to disable root login and enable key authentication on … | Linux Affinity says:
    July 11, 2010 at 11:21 pm

    [...] the rest here: How to disable root login and enable key authentication on … Posted in: Server ADD [...]

« New subdomain missing cgi-bin directory.
Horde Failed to connect to localhost:25 error message »

  • Calendar

    July 2010
    M T W T F S S
    « Jun   Aug »
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  

  • The Perfect Forum

    • .htaccess (10)
    • Basic Linux (34)
    • Browser problems (3)
    • Common errors (7)
    • cPanel + cPanel scripts (16)
    • Cron jobs issue (4)
    • Definition / Explanation (5)
    • E-mails issue (13)
    • Enable private PHP (4)
    • Few good queries and suggestions (11)
    • FTP / Frontpage / Dreamweaver (8)
    • Install server side software / script (11)
    • Linux Administrator Interview Questions (31)
    • Linux Permissions (7)
    • Mailman (1)
    • Mysql + phpmyadmin (11)
    • NFS server (6)
    • PHP (6)
    • Server Security (17)
    • Third party script issue (9)
    • Tomcat (1)
    • Uncategorized (15)
    • VPS (28)

  • Archives

  • Tag you need to know

    .htaccess .htaccess file /etc/login.defs /etc/ssh/sshd_config /var/cpanel/cpanel.config Access denied for user 'root'@'localhost' AddHandler + Safari browser problem cgi script clear cache cPanel access logs cPanel error logs cPanel exim logs cPanel logs cPanel servers logs defination for /etc/login.defs Disable directory listing exim logs find command login.defs mysql from WHM mysql has failed mysql service mysql service from WHM Network File System NFS Server php form phpmail() form phpmail function please contact the sysadmin roundcube roundcube error Safari browser Safari browser + AddHandler Safari browser + AddHandler application/x-httpd-php5 Safari browser downloading .html pages. Safari browser downloading pages Safari downloading pages simple php form simple phpmail() form simple phpmail function form sshd restart suexec trueuserdomains using the NFS Server what is login.defs

  • Tag

    .htaccess .htaccess file /etc/login.defs /etc/ssh/sshd_config /var/cpanel/cpanel.config Access denied for user 'root'@'localhost' AddHandler + Safari browser problem cgi script clear cache cPanel access logs cPanel error logs cPanel exim logs cPanel logs cPanel servers logs defination for /etc/login.defs Disable directory listing exim logs find command login.defs mysql from WHM mysql has failed mysql service mysql service from WHM Network File System NFS Server php form phpmail() form phpmail function please contact the sysadmin roundcube roundcube error Safari browser Safari browser + AddHandler Safari browser + AddHandler application/x-httpd-php5 Safari browser downloading .html pages. Safari browser downloading pages Safari downloading pages simple php form simple phpmail() form simple phpmail function form sshd restart suexec trueuserdomains using the NFS Server what is login.defs

    .htaccess (10)
    Basic Linux (34)
    Browser problems (3)
    Common errors (7)
    cPanel + cPanel scripts (16)
    Cron jobs issue (4)
    Definition / Explanation (5)
    E-mails issue (13)
    Enable private PHP (4)
    Few good queries and suggestions (11)
    FTP / Frontpage / Dreamweaver (8)
    Install server side software / script (11)
    Linux Administrator Interview Questions (31)
    Linux Permissions (7)
    Mailman (1)
    Mysql + phpmyadmin (11)
    NFS server (6)
    PHP (6)
    Server Security (17)
    Third party script issue (9)
    Tomcat (1)
    Uncategorized (15)
    VPS (28)

    WP-Cumulus by Roy Tanck and Luke Morton requires Flash Player 9 or better.

  • Recent Posts

    • Redirect loop and LimitInternalRecursion error message.
    • How to turn off CGI execution server wide
    • Horde Failed to connect to localhost:25 error message
    • How to disable root login and enable key authentication on Dedicated server?
    • New subdomain missing cgi-bin directory.
    • Joomla “404 component error”?
    • SuExec server permission issue?
    • “unauthenticated user” problem in mysql logs?
    • Joomla “Not a valid image” issue?
    • SERVICE CURRENTLY NOT AVAILABLE Error No. [0x01F4] – RoundCube

  • Blogroll

    • Check it 9
    • Dedicated Servers Asia Dedicated server hosting asia will provide you with the information related with Dedicated Servers in Asia and guidance through the process 0
    • Development Arts This is the best Arts… 9
    • Documentation You like to watch it once in your life 0
    • Suggest Ideas Contact us if you have any query regarding to our Arts 0
    • Support Webhosting Forum 9
    • Themes Check out best Arts and choose it for you.. 0

  • Search: the web pages