How to disable root login and enable key authentication on a dedicated server?
Use the following steps to disable direct root login.
1. SSH into your server as the root user.
2. Open the file sshd_config in your favorite editor.
pico /etc/ssh/sshd_config
3. Find the line
Protocol 2, 1
4. Uncomment the line and change it to look like
Protocol 2
5. Now find the line
PermitRootLogin yes
6. Uncomment the line and change it to look like
PermitRootLogin no
7. Save the sshd_config file.
8. Restart the SSH service.
/etc/rc.d/init.d/sshd restart
Once root login is disabled on the server, generate an authentication key using the following steps.
1. Add a user. In this example we add the user support.
useradd support
2. Assign the user support to the wheel group.
usermod -G wheel support
3. Set the correct permissions on the sudoers file.
chmod 644 /etc/sudoers
4. Now open the sudoers file and set the following lines in it.
pico /etc/sudoers
# User privilege specification
root ALL=(ALL) ALL
# Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL
5. Make sure that the sudo binary file is secure.
chmod 4111 /usr/bin/sudo
If you are not sure about the sudo binary path, run this command to confirm it.
which sudo
6. Now create the .ssh directory in the support user's home directory.
cd /home/support
mkdir .ssh
cd .ssh
7. Now generate the key using the PuTTYgen software and save the key on your local machine as the file support.ppk.
8. Create the authorized_keys file in the .ssh directory and copy the content from the file support.ppk to the authorized_keys file.
9. Confirm the permissions and ownership of the files.
cd /home
ll | grep support
The ownership should be
drwx------ 7 support support 4096 Jul 10 03:44 support
cd /home/support
ll | grep .ssh
drwxr-xr-x 2 root root 4096 Jul 12 3:34 .ssh/
cd /home/support/.ssh
ll
The ownership should be
drwxr-xr-x 2 root root 4096 Jul 12 03:22 ./
drwx------ 7 support support 4096 Jul 12 03:44 ../
-rw-r--r-- 1 root root 224 Jul 12 03:40 authorized_keys
Note: Do not close the current shell until you are able to access the server with the support.ppk key.
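
A check of the result before the root shell is closed, as an added example that is not part of the original article: it reads the effective Protocol and PermitRootLogin values, confirms that authorized_keys holds one-line OpenSSH public keys (the form PuTTYgen shows in its "Public key for pasting into OpenSSH authorized_keys file" box; sshd does not read PuTTY's own key-file format), and looks for group or world write bits. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks to run before closing the root shell.

# Print the effective value of KEY in an sshd_config-style FILE.
# sshd uses the first occurrence of a keyword; commented lines do not count.
sshd_setting() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Return 0 only if FILE has entries and each is a one-line OpenSSH public key
# (common key types only). PuTTY .ppk or SSH2-export text fails.
check_authorized_keys() {
    [ -s "$1" ] || return 1
    awk '
        /^[ \t]*(#|$)/ { next }
        /(^|[ \t])(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+)[ \t]+AAAA[^ \t]+/ { ok++; next }
        { bad++ }
        END { if (bad > 0 || ok == 0) exit 1 }
    ' "$1"
}

# Return 0 if the given file or directory is not writable by group or others.
# With StrictModes (the sshd default) a writable home directory, .ssh or
# authorized_keys blocks key login.
not_group_world_writable() {
    case "$(ls -ld "$1" | cut -c6,9)" in *w*) return 1 ;; esac
}

# Constructed sample files (not taken from a real server).
d=$(mktemp -d)
printf '#Protocol 2,1\nProtocol 2\nPermitRootLogin no\n' > "$d/sshd_config"
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed support@example\n' > "$d/good"
printf 'PuTTY-User-Key-File-2: ssh-rsa\nEncryption: none\n' > "$d/ppk"
chmod 644 "$d/good"

echo "PermitRootLogin: $(sshd_setting "$d/sshd_config" PermitRootLogin)"
echo "Protocol: $(sshd_setting "$d/sshd_config" Protocol)"
for f in good ppk; do
    if check_authorized_keys "$d/$f"; then echo "$f: OpenSSH public key"
    else echo "$f: not usable in authorized_keys"; fi
done
not_group_world_writable "$d/good" && echo "good: permissions ok"
rm -rf "$d"
```

On the server, call the same functions on /etc/ssh/sshd_config, /home/support, /home/support/.ssh and /home/support/.ssh/authorized_keys.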