PermitRootLogin "without-password"
I'm running CPanel on a VPS with CentOS 7. I want to secure the SSH and have limited logins to use a certificate/sshkey. I've made a new user, 'myuser' and added him to the group 'wheel'.
ssh_config
visudo
I am now only able to login using my sshkey. Any attempt to login with a password is rejected. Great! Now.. When I run 'My Security Advisor' in CPanel it tells me me to change PermitRootLogin to "without-password" or "no". (CSF does not give any complaint's regarding this matter.) I am a little inexperienced and do not want this server to go tits up. I do not need to login as root directly, but I do need to be able to 'su' and 'sudo'. Am I safe to change PermitRootLogin to "no" and still be able to 'su -' from 'myuser'?
# Allowed Users
AllowUsers root myuser
# Enable/Disable tunneled clear text passwords
PasswordAuthentication novisudo
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALLI am now only able to login using my sshkey. Any attempt to login with a password is rejected. Great! Now.. When I run 'My Security Advisor' in CPanel it tells me me to change PermitRootLogin to "without-password" or "no". (CSF does not give any complaint's regarding this matter.) I am a little inexperienced and do not want this server to go tits up. I do not need to login as root directly, but I do need to be able to 'su' and 'sudo'. Am I safe to change PermitRootLogin to "no" and still be able to 'su -' from 'myuser'?
-
Am I safe to change PermitRootLogin to "no" and still be able to 'su -' from 'myuser'?
Hello, Yes, you will be able to login using 'su -' from 'myuser' even if you have set PermitRootLogin to "no"0 -
Thank you! 0 -
Hi, You are welcome If you are facing any issue then please update the post. I will check and assist you. 0 -
Hello, You may also find this thread helpful: [Tutorial] Interested in increasing the security of your server? Read this. (sshd hardening) Thanks! 0
Please sign in to leave a comment.
Comments
4 comments