{"id":1089,"date":"2010-07-11T23:00:12","date_gmt":"2010-07-11T23:00:12","guid":{"rendered":"http:\/\/www.theperfectarts.com\/?p=1089"},"modified":"2017-09-01T06:17:09","modified_gmt":"2017-09-01T06:17:09","slug":"how-to-disable-root-login-and-enable-key-authentication-on-dedicated-server","status":"publish","type":"post","link":"https:\/\/www.ktchost.com\/blog\/how-to-disable-root-login-and-enable-key-authentication-on-dedicated-server\/","title":{"rendered":"How to disable root login and enable key authentication on Dedicated server?"},"content":{"rendered":"

How to disable root login and enable key authentication on Dedicated server?<\/p>\n

Refer following steps to disable direct root login.<\/p>\n

1. SSH into your server as root user.<\/p>\n

2. Open file sshd_config in your favorite editor<\/p>\n

pico \/etc\/ssh\/sshd_config<\/strong><\/p>\n

3. Find the line<\/p>\n

Protocol 2, 1<\/strong><\/p>\n

4. Uncomment line and change it to look like<\/p>\n

Protocol 2<\/strong><\/p>\n

5. Now find the line
\nPermitRootLogin yes<\/strong><\/p>\n

6. And Uncomment libe and make it look like as
\nPermitRootLogin no<\/strong><\/p>\n

7. Save the file sshd_config file,<\/p>\n

8. Restart SSH service
\n\/etc\/rc.d\/init.d\/sshd restart<\/strong><\/p>\n

Once root login disabled on server generate authentication key by using following steps.<\/p>\n

1. Add user for example we will add user support<\/p>\n

useradd support<\/strong><\/p>\n

2.Assigne user support in wheel group.<\/p>\n

usermod -G wheel support<\/strong><\/p>\n

3. Set correct permission for sudoers files.<\/p>\n

chmod 644 \/etc\/sudoers<\/strong><\/p>\n

4. Now open sudoers file and set followings line in sudoers file.<\/p>\n

pico \/etc\/sudoers<\/strong><\/p>\n

# User privilege specification
\nroot\u00a0\u00a0\u00a0 ALL=(ALL) ALL<\/strong><\/p>\n

# Same thing without a password
\n%wheel\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ALL=(ALL)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 NOPASSWD: ALL<\/strong><\/p>\n

5. Make sure that sudo file binery file is secure.<\/p>\n

chmod 4111 \/usr\/bin\/sudo<\/strong><\/p>\n

If you are not sure about sudo binery path then run commamd to confirm the path.<\/p>\n

which sudo<\/strong><\/p>\n

6.Now create .ssh directory in support users home directory.<\/p>\n

cd \/home\/support<\/strong><\/p>\n

mkdir .ssh<\/strong><\/p>\n

cd <\/strong>.ssh<\/strong><\/p>\n

7. Now generate the key by using PuTTYgen software <\/a>and save the key on your local machine as support.ppk file.<\/p>\n

8. Create authorized_keys file in .ssh directory and copy content from file support.ppk to authorized_keys file.<\/p>\n

9. Confirm permission and ownership for files.<\/p>\n

cd \/home<\/strong><\/p>\n

ll | grep support<\/strong><\/p>\n

The ownership shuold be<\/p>\n

drwx——\u00a0\u00a0\u00a0 7 support support\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 4096 Jul 10 03:44 support<\/strong><\/p><\/blockquote>\n

cd \/home\/support<\/strong><\/p>\n

ll | grep .ssh<\/strong><\/p>\n

drwxr-xr-x\u00a0\u00a0\u00a0 2 root\u00a0\u00a0 root\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 4096 Jul 12\u00a0 3:34 .ssh\/<\/strong><\/p><\/blockquote>\n

cd \/home\/support\/<\/strong>.ssh<\/strong><\/p>\n

ll<\/strong><\/p>\n

The ownership shoud be<\/p>\n

drwxr-xr-x 2 root\u00a0\u00a0\u00a0 root\u00a0\u00a0\u00a0 4096 Jul 12 03:22 .\/
\ndrwx—— 7 support support 4096 Jul 12 03:44 ..\/
\n-rw-r–r– 1 root\u00a0\u00a0\u00a0 root\u00a0\u00a0\u00a0 224\u00a0 Jul 12 03:40 authorized_keys<\/strong><\/p><\/blockquote>\n

Note : Do not close current Shell until you are able to access server with the support.ppk key.<\/strong>
\n<\/p>\n

 <\/p>\n

 <\/p>\n

\"\"<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

How to disable root login and enable key authentication on Dedicated server? Refer following steps to disable direct root login. 1. SSH into your server […]<\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[39,43,44,42],"tags":[],"class_list":["post-1089","post","type-post","status-publish","format-standard","hentry","category-centos-server","category-commands","category-linux","category-security"],"_links":{"self":[{"href":"https:\/\/www.ktchost.com\/blog\/wp-json\/wp\/v2\/posts\/1089"}],"collection":[{"href":"https:\/\/www.ktchost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ktchost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ktchost.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ktchost.com\/blog\/wp-json\/wp\/v2\/comments?post=1089"}],"version-history":[{"count":17,"href":"https:\/\/www.ktchost.com\/blog\/wp-json\/wp\/v2\/posts\/1089\/revisions"}],"predecessor-version":[{"id":5721,"href":"https:\/\/www.ktchost.com\/blog\/wp-json\/wp\/v2\/posts\/1089\/revisions\/5721"}],"wp:attachment":[{"href":"https:\/\/www.ktchost.com\/blog\/wp-json\/wp\/v2\/media?parent=1089"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ktchost.com\/blog\/wp-json\/wp\/v2\/categories?post=1089"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ktchost.com\/blog\/wp-json\/wp\/v2\/tags?post=1089"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}