Created
September 16, 2019 12:07
-
-
Save 84adam/e13b9e8e57c0dcc1693e41ec1fac54f0 to your computer and use it in GitHub Desktop.
Create new sudo user; disable root login via SSH
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # create a new non-root user | |
| adduser <new-username> | |
| # follow prompts | |
| # give sudo permissions to the new user | |
| usermod -aG sudo <new-username> | |
| # check groups for new user | |
| groups <new-username> | |
| # edit sshd_config settings | |
| vim /etc/ssh/sshd_config | |
| # change `PermitRootLogin` from yes to no | |
| # Authentication: | |
| #LoginGraceTime 2m | |
| PermitRootLogin no | |
| #StrictModes yes | |
| #MaxAuthTries 6 | |
| #MaxSessions 10 | |
| # save the changes | |
| # restart the ssh daemon | |
| systemctl restart sshd | |
| # check the status of sshd | |
| systemctl status sshd | |
| # test from another terminal: | |
| # try logging in as the new user and then becoming root with: | |
| sudo su - | |
| # if the above works, try logging in as root again over SSH | |
| # expect this to fail | |
| # if you enter the correct password, you should still get an 'access denied' error message |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment