How to disable root access to server and add another user to sudo in CentOS, Ubuntu, Debian
The default administrator username is root on Linux based operating systems.
The name (root) is easy to remember, but this default name can be a problem, as many attackers use it to brute-force your server and get it hacked.
We are going to see how to disable direct root access to the server in CentOS, Ubuntu, Debian and Ubuntu flavours.
First you need to log in to your server through SSH.
STEP 1 :
On CentOS/Red Hat Based Operating Systems
[email protected]'s password:
Last login: Tue May 5 09:48:40 2015 from 4.2.2.100
root@server [~]#
Once logged in, we need to create a new user as below.
root@server [~]# adduser semiadmin
Set password for the created user.
root@server [~]# passwd semiadmin
Changing password for user semiadmin.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
root@server [~]#
We are now going to assign su (sudo) permission to the user semiadmin, as we need this user to su and work further as root.
Use the nano editor to open /etc/group, the file that holds the wheel group settings.
root@server [~]# nano /etc/group
Now press CTRL + W and type the username we created, in our case semiadmin.
You will now see the username created with the below value.
semiadmin:x:32012:
We need to add the below line at the top of the file.
wheel:x:10:semiadmin
Once done, save the file by pressing CTRL + O and exit with CTRL + X.
Now restart the ssh service.
root@server [~]# service sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
root@server [~]#
Once the ssh daemon is restarted, try logging in with the newly created username.
You should see output like the below.
login as: semiadmin
[email protected]'s password:
Attempting to create directory /home/semiadmin/perl5
semiadmin@server [~]#
We have now created the user and assigned it to the wheel group.
STEP 1.1 : UPDATED
On Ubuntu, Linux Mint and Debian Based Operating Systems
login as: root
[email protected]'s password:
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
Welcome to Ubuntu 13.04 (GNU/Linux 3.8.0-19-generic x86_64)
 * Documentation: https://help.ubuntu.com/
root@server:~#
Once logged in, we need to create a new user as below.
root@server [~]# sudo adduser semiadmin
Adding user `semiadmin' ...
Adding new group `semiadmin' (1000) ...
Adding new user `semiadmin' (1000) with group `semiadmin' ...
Creating home directory `/home/semiadmin' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for semiadmin
Enter the new value, or press ENTER for the default
        Full Name []: Semi Admin
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n] y
root@server [~]#
As in the above ssh log, you will be asked to enter the user's password, then the full name and so on.
You can simply press the ENTER button for those fields.
Now, we are going to add this user semiadmin to the sudo group, which plays the role of the wheel group on these systems.
root@server [~]# sudo usermod -a -G sudo semiadmin
root@server [~]# service ssh restart
Now you can log in to the account with the newly created user semiadmin.
root@server [~]#
login as: semiadmin
[email protected]'s password:
semiadmin@server:~$ su -
Password:
STEP 2 :
We should now disable direct root user login to the server.
We are going to do this by editing the ssh configuration file, which is located at /etc/ssh/sshd_config.
Use the text editor nano to edit this file.
root@server [~]# nano /etc/ssh/sshd_config
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
You should see the option PermitRootLogin as shown above.
Just change the setting to "no" and remove the hash "#" before the line,
or just add the line anywhere in the file.
PermitRootLogin no
Once done, you will not be able to log in to the server directly as root.
You should first log in as semiadmin, then run su - and enter the root password.
login as: semiadmin
[email protected]'s password:
Attempting to create directory /home/semiadmin/perl5
semiadmin@server [~]# su -
Password:
root@server [~]#
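A pre-flight check for the steps above, added here as an example and not part of the original article: it confirms that the fallback user is in wheel or sudo and that the PermitRootLogin line you edited is the one sshd will actually use. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample files are constructed.

# Print the PermitRootLogin value sshd would take from one config file.
# sshd keeps the FIRST value it reads for a keyword, and lines after a
# "Match" line are conditional, so only the global section is scanned.
# Include files are not followed; on a live host compare with
#   sshd -T | grep -i permitrootlogin
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ { next }                      # "#PermitRootLogin yes" is inert
        tolower($1) == "match" { exit }          # conditional section starts here
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeed if USER is a listed member of wheel (CentOS) or sudo (Ubuntu/Debian)
# in a file laid out like /etc/group.
in_admin_group() {
    awk -F: -v u="$1" '
        $1 == "wheel" || $1 == "sudo" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == u) ok = 1
        }
        END { exit (ok ? 0 : 1) }
    ' "$2"
}

# usage: check_root_lockdown USER SSHD_CONFIG GROUP_FILE
check_root_lockdown() {
    in_admin_group "$1" "$3" || { echo "FAIL: $1 is not in wheel/sudo"; return 1; }
    v=$(effective_permit_root_login "$2")
    [ "$v" = "no" ] || { echo "FAIL: PermitRootLogin is '$v'"; return 1; }
    echo "OK: $1 can escalate and direct root login is off"
}

# Constructed sample input: in "shadowed" the appended "no" loses to an earlier "yes".
tmp=$(mktemp -d)
printf 'wheel:x:10:semiadmin\nsemiadmin:x:32012:\n' > "$tmp/group"
printf '#PermitRootLogin yes\nPermitRootLogin no\n' > "$tmp/good"
printf 'PermitRootLogin yes\nMaxAuthTries 6\nPermitRootLogin no\n' > "$tmp/shadowed"
check_root_lockdown semiadmin "$tmp/good" "$tmp/group"
check_root_lockdown semiadmin "$tmp/shadowed" "$tmp/group" || true
```

On a real server, point it at /etc/ssh/sshd_config and /etc/group, then validate the file with sshd -t and restart the ssh service so the new setting is loaded. Keep your current root session open until a second login as semiadmin has succeeded.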
That is all.
Do drop in your comments and suggestions; your feedback will help us increase the quality of our articles.