SSH Information, Don't root login??

Hi,

I'm quite new to SSH security, so please forgive me. I've read on the internet (somewhere), that you should never login as 'root', which is what I've been doing on my server for around 4 months, is that wrong? They claim you should make an account with a root 0 UID (eh?) or use su - (what's that point?).

Many Thanks,

Jay
LVL 4
Jay-ShahjAsked:
Who is Participating?
 
TolomirConnect With a Mentor AdministratorCommented:
well see it that way:

to break into your server a hacker knows already the login name, so all one has to "do" is crack the password.

If you reject root accounts, one has to find the right login name + the right password, making intrusions much more difficult.

That's it!

Tolomir
0
 
Jay-ShahjAuthor Commented:
:D
0
 
TolomirAdministratorCommented:
Of causd

so in /etc/ssh/sshd_config change the setting

#PermitRootLogin yes

into

PermitRootLogin no

---
Logon as a restricted user and use

su -

to change your permissions to the root account.

Tolomir
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
TolomirAdministratorCommented:
wow that was fast....
0
 
Jay-ShahjAuthor Commented:
You have no obligation to answer this:

jrs@server [/]# su -
-bash: /bin/su: Permission denied

Help :)
0
 
TolomirAdministratorCommented:
what do you get with "su"
0
 
Jay-ShahjAuthor Commented:
jrs@server [~]# su
-bash: /bin/su: Permission denied

Thanks for your help,

Jay

P.S. I did adduser jrs then passwd jrs to make the account.
0
 
TolomirAdministratorCommented:
can you login as root on that machine locally?
0
 
Jay-ShahjAuthor Commented:
Locally as in through Putty (yes, I can), servers in the US, I'm in the UK.

Jay
0
 
TolomirAdministratorCommented:
so there is a password set for root?
0
 
TolomirAdministratorCommented:
I'm asking because "su -" could be rejected if no password for root is set!
0
 
TolomirAdministratorCommented:
does

"su - jrs" work?
0
 
Jay-ShahjAuthor Commented:
There is a nice strong password set for root.
No su - jrs doesn't work

:(

Jay
0
 
TolomirAdministratorCommented:
Ok try this  as root:

chmod 755 /bin/su
0
 
TolomirAdministratorCommented:
It seems like the user jrs didn't have permissions to execute "su". With "chmod 755 /bin/su" you grant all users the permission to execute "/bin/su".

If that is a security problem, set permissions to "chmod 750 /bin/su" and add the user to the group "/bin/su" is assigned to.

0
 
Jay-ShahjAuthor Commented:
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.