Step 1: Modifying The sshd_conf FileRemember, backing up any important system file before you modify it is always a good idea!
cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backupWhen connected to the server as root use your favorite text editor to open the sshd configuration file (/etc/ssh/sshd_config). For this tutorial we will use vim. With the file open, find the line labeled PermitRootLogin. It will most likely be commented out using the # symbol. We will need to remove the # symbol to make the line active, and then change “yes” to “no”. Example of the end result:
Step 2: Creating A New UserWhile we have disabled directly using SSH to log in to the server as root, this of course does not mean that you want to disable root-level functions entirely. This step will show you how to create a new user just for SSH purposes, and how to allow that user to switch to root once they are logged in. If you already have a user account on the server that you would like to use for this purpose you can skip ahead to the instructions for adding a user to the wheel group. Adding the User We will use the commands adduser and passwd to create a new user account and assign it a password. You are welcome to name this new account anything you want, but for this example we will call it lwsupport. When you run the passwd command with the user name it will ask you to type in the new password twice for verification. Example: Adding the User to the Wheel Group Important note: Be sure to back up the group file before making changes! Open the /etc/group file in your favorite editor. Find the line called “Wheel” and add your new user account to the existing line (be sure to follow the existing format of other lines, and add a comma where necessary). Example: Save your changes and close the file. Now we will need to restart SSH to apply the new settings with the following command:
service sshd restartRoot logins are now disabled in the SSH server. Logout of your root SSH session to the server and login as your new user instead. Once you are logged in as the new user simply run the command su – and you will prompted for the server’s root password. Be sure to use a – after the su command so that your path settings to various programs are correct.
Step 3: Updating Your Server Information in ManageNow that your server no longer allows the root user to log in over SSH our support staff will need to know the new login details. If we do not have the new login details on file our monitoring team will not be able to proactively fix problems on your server. Visit our tutorial on Updating Your Root User and SSH Information in Manage!