noroot-ssh.txt
# create a new non-root user (run these steps as root)
adduser <new-username>
# follow prompts
# give sudo permissions to the new user
usermod -aG sudo <new-username>
# check groups for new user; `sudo` should be listed
groups <new-username>
# edit sshd_config settings
vim /etc/ssh/sshd_config
# change `PermitRootLogin` from yes to no, and make sure the line is not commented out (no leading `#`)
# Authentication:
#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
# save the changes
# check the file for syntax errors before restarting; no output means it parsed cleanly
sshd -t
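# restart the ssh daemon (keep the current root session open until the tests below pass)
systemctl restart sshd
# check the status of sshd
systemctl status sshd
# confirm the effective setting; an included or earlier config entry can override this one
sshd -T | grep -i permitrootlogin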
# test from another terminal:
# try logging in as the new user and then becoming root with:
sudo su -
# if the above works, try logging in as root again over SSH
# expect this to fail
# even if you enter the correct password, you should still get an 'access denied' error message (OpenSSH prints it as "Permission denied")