Step 1. Root Access

Before we get started. Here’s what I’m going to assume you’ve done already

  • Setup your hostname
  • Added yourself a user account that’s not root
  • Setup that account as being part of the sudo group

I typically use Debian on my servers cause I’m ghetto old school that way. If you’re using Ubuntu, everything is the same since it’s Debian based. If you’re using anything else and it’s not Debian based just adjust accordingly for the installation of software.

Note: I’m also going to assume you know that it’s good practice to use sudo to run all things that require root access and not actually be logged in as root. I’m not here to preach what I personally believe is good practice so I’m going to exclude ‘sudo’ from all the commands.

Disable Root SSH Login

By default your VPS image (if you’re running a Linode) should already allow you to SSH into the server and log in as ‘root’. I’m assuming you have created yourself an account already.

Why disable root SSH login? Quite honestly, it’s because after sifting through hundreds of thousands of server logs, I’ve noticed that sooner or later every outside facing server with SSH access is going to sooner or later get some sort of automated brute force dictionary attempts at breaking into the server. By disabling root login from SSH, even if someone did manage to guess your root password, they couldn’t get in.

If you’re one of those guys that likes to run around as root, create another user that you can SSH into with and then just ‘su’ into root once you get in. Please note that it’s generally better practice just to stay logged in as your normal user and just sudo everything.

NOTE: Aside from root, I have noticed someone out there trying to brute force their way using an account named ‘admin’ which doesn’t exist on my machine. Based on that, I would not suggest creating an account called admin either.

Now onto the fun stuff

FIrst edit the following file

/etc/ssh/sshd_config

Find the line

#PermitRootLogin yes

Uncomment it and change it to ‘no’. It should look like this

PermitRootLogin no

Save and exit then restart your sshd service by running either

/etc/init.d/sshd restart

or

service sshd restrart

They both do the same damn thing.

<- Back to the beginning  |  Onwards to Step 2 ->