disable-root-access-server-add-another-user-to-sudo-centos-ubuntu-debian

How to disable root access to server and add another user to sudo in CentOs Ubuntu Debian

How to disable root access to server and add another user to sudo in CentOs Ubuntu Debian

How to disable root access to server and add another user to sudo in CentOs Ubuntu Debian

Default administrator username is root on Linux Based Operating Systems.

its easy to remember the name (root) but sometimes this default name will be a problem as many use it do a brute-force on your server and get your server hacked.

We are going to see how to disable Direct root access to the server in CentOs, Ubuntu, Debian & Ubuntu Flavours

First you need to login to your server through SSH.
STEP 1 :
On CentOs/Redhat Based Operating System

root@4.2.2.2's password:Last login: Tue May  5 09:48:40 2015 from 4.2.2.100root@server [~]#

Once logged in,

We need to create a new user as below.

root@server [~]# adduser semiadmin

Set password for the created user.

root@server [~]# passwd semiadminChanging password for user semiadmin.New password:Retype new password:passwd: all authentication tokens updated successfully.root@server [~]#

We are now going to assign su(sudo) permission to the user semiadmin, as we need this user to su and to work further as root.

Use the command nano to edit nano /etc/group to edit the wheel user settings file.

root@server [~]# nano /etc/group

Now, Press CTRL + W and the type the word or username we created on our case its semiadmin.

You will now see the username created with the below value.

semiadmin:x:32012:

We need to add the below line in the top of the file.

wheel:x:10:semiadmin

Once done,

Save it by Pressing CTRL + O exit by CTRL + X

Now restart the ssh service by.

root@server [~]# service sshd restartStopping sshd:                                             [  OK  ]Starting sshd:                                             [  OK  ]root@server [~]#

Once ssh daemon is restarted, try login with the newly created username.

You would see as below.

login as: semiadminsemiadmin@4.2.2.2's password:Attempting to create directory /home/semiadmin/perl5semiadmin@server [~]#

We have completed the part of creating the user and assigned the wheel group.

STEP 1 .1: UPDATED
On Ubuntu,Linux mint and Debian based Operating System

login as: rootroot@4.2.2.2's password:The programs included with the Ubuntu system are free software;the exact distribution terms for each program are described in theindividual files in /usr/share/doc/*/copyright.Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted byapplicable law.Welcome to Ubuntu 13.04 (GNU/Linux 3.8.0-19-generic x86_64) * Documentation:  https://help.ubuntu.com/root@server:~#

Once logged in,

We need to create a new user as below.

root@server [~]# sudo adduser semiadminAdding user `semiadmin' ...Adding new group `semiadmin' (1000) ...Adding new user `semiadmin' (1000) with group `semiadmin' ...Creating home directory `/home/semiadmin' ...Copying files from `/etc/skel' ...Enter new UNIX password:Retype new UNIX password:passwd: password updated successfullyChanging the user information for semiadminEnter the new value, or press ENTER for the default        Full Name []: Semi Admin        Room Number []:        Work Phone []:        Home Phone []:        Other []:Is the information correct? [Y/n] yroot@server [~]# 

As on the above ssh log,

You will be asked to enter the users Password, Then Full Name & etc…
You can simply Press ENTER button.

Now, we are going to add this user semiadmin to wheel user.

root@server [~]# sudo usermod -a -G sudo semiadminroot@server [~]# service sshd restart

Now, You can login to the account with the newly created user semiadmin

root@server [~]# login as: semiadminsemiadmin@4.2.2.2's password:semiadmin@server:~$ su -Password:

STEP 2 :
We should now disable the direct root user login to the server.

Which we are going to do by editing the ssh configuration file, which is located at /etc/ssh/sshd_config

Use the text editor nano to edit this file.

root@server [~]# nano /etc/ssh/sshd_config

# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

You should see option PermitRootLogin as shown above.

Just change the settings to “no” and remove the hash”#” before the line.
or just add the line anywhere on the file.

PermitRootLogin no

Once done, You will not able to login to the server directly.

You should first login as semiadmin and then do su- and login with the root password.

login as: semiadminsemiadmin@4.2.2.2's password:Attempting to create directory /home/semiadmin/perl5semiadmin@server [~]# su -Password:root@server [~]#

That is all.

Do drop in your comments and suggestions, give us your feedbacks which will help us in increasing the quality of our articles.

Comments

This site uses Akismet to reduce spam. Learn how your comment data is processed.