• Status: Solved

SSH Information, Don't root login??

Hi,

I'm quite new to SSH security, so please forgive me. I've read on the internet (somewhere) that you should never log in as 'root', which is what I've been doing on my server for around 4 months. Is that wrong? They claim you should make an account with a root 0 UID (eh?) or use su - (what's the point?).

Many Thanks,

Jay
Asked by: Jay-Shahj

Tolomir (Administrator) commented:
Well, see it that way:

To break into your server, a hacker already knows the login name, so all one has to "do" is crack the password.

If you reject root accounts, one has to find the right login name + the right password, making intrusions much more difficult.

That's it!

Tolomir

Jay-Shahj (Author) commented:
:D

Tolomir (Administrator) commented:
Of course

so in /etc/ssh/sshd_config change the setting

#PermitRootLogin yes

into

PermitRootLogin no

---
Log on as a restricted user and use

su -

to change your permissions to the root account.

Tolomir
 
Tolomir (Administrator) commented:
wow that was fast....

Jay-Shahj (Author) commented:
You have no obligation to answer this:

jrs@server [/]# su -
-bash: /bin/su: Permission denied

Help :)

Tolomir (Administrator) commented:
What do you get with "su"?

Jay-Shahj (Author) commented:
jrs@server [~]# su
-bash: /bin/su: Permission denied

Thanks for your help,

Jay

P.S. I did adduser jrs then passwd jrs to make the account.

Tolomir (Administrator) commented:
Can you log in as root on that machine locally?

Jay-Shahj (Author) commented:
Locally as in through PuTTY (yes, I can), servers in the US, I'm in the UK.

Jay

Tolomir (Administrator) commented:
So there is a password set for root?

Tolomir (Administrator) commented:
I'm asking because "su -" could be rejected if no password for root is set!

Tolomir (Administrator) commented:
Does "su - jrs" work?

Jay-Shahj (Author) commented:
There is a nice strong password set for root.
No, su - jrs doesn't work.

:(

Jay

Tolomir (Administrator) commented:
OK, try this as root:

chmod 755 /bin/su

Tolomir (Administrator) commented:
It seems like the user jrs didn't have permissions to execute "su". With "chmod 755 /bin/su" you grant all users the permission to execute "/bin/su".

If that is a security problem, set permissions to "chmod 750 /bin/su" and add the user to the group "/bin/su" is assigned to.

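The two settings changed in this thread (PermitRootLogin in /etc/ssh/sshd_config and the mode of /bin/su) can be checked with a short script; this is an added example, not code posted by anyone in the thread, and its function names are made up for illustration. It separates a plain 755 from the setuid modes 4755 and 4750, because su run by a non-root user only works when its setuid bit is set, and a numeric chmod 755 on a regular file clears that bit.

```shell
#!/bin/sh
# Added example (not from the thread): audit the two settings discussed above.

# Print the effective global PermitRootLogin value in an sshd_config file.
# sshd keeps the first value it reads for a keyword, and "#..." lines are
# comments, so "#PermitRootLogin yes" leaves the compiled-in default active.
# Limitation: Include files and Match blocks are not evaluated.
effective_root_login() {
    awk 'BEGIN { FS = "[ \t=]+" }
         { sub(/^[ \t]+/, "") }                    # drop leading indentation
         /^#/ { next }                             # commented-out setting
         tolower($1) == "match" { exit }           # only the global section
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Classify the permission bits of a su binary:
#   no-setuid   setuid bit missing; su run by a non-root user cannot switch user
#   all-users   setuid and executable by everyone (e.g. mode 4755)
#   group-only  setuid, not executable by "other" (e.g. mode 4750)
su_access() {
    [ -u "$1" ] || { echo "no-setuid"; return; }
    perms=$(ls -ld "$1" | cut -c1-10)              # e.g. -rwsr-x---
    case "$perms" in
        *[xt]) echo "all-users" ;;
        *)     echo "group-only" ;;
    esac
}

# Demo on constructed files in a temp directory (no system files are touched).
demo() {
    d=$(mktemp -d) || return 1
    printf '#PermitRootLogin yes\n' > "$d/before"  # the line before the change
    printf 'PermitRootLogin no\n'   > "$d/after"   # the line after the change
    : > "$d/su"                                    # empty stand-in for /bin/su
    echo "before: $(effective_root_login "$d/before")"
    echo "after:  $(effective_root_login "$d/after")"
    for mode in 755 4755 4750; do
        chmod "$mode" "$d/su"
        echo "mode $mode: $(su_access "$d/su")"
    done
    rm -rf "$d"
}
demo
```

On a real host, pass /etc/ssh/sshd_config and /bin/su to the two functions; with group-only, only members of the group that owns the binary can run su.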