sshd_config problem on DirectAdmin

arda000

Hello there;

I wanted to disable root login. I've changed PermitRootLogin to NO

at the end of the sshd_config I saw;

AllowUser admin (my directadmin username)
AllowUser root

I removed these lines because I don't want direct root login

Are these lines really necessary? If you say yes, do I only have to add AllowUser admin? Or will it work properly with the default sshd_config file?

Thank You
 
If you remove all the AllowUsers lines and change PermitRootLogin to No then nobody will be able to use ssh.
 
Sure, I can access with my username arda000@IP, then I type "su -" and I'm on root.

My question is, is there any necessary modifications on sshd_config file?
 
Like I said if you remove all AllowUsers lines then now you will not be able to access the server through ssh even with your username arda000.

arda000 said:
My question is, is there any necessary modifications on sshd_config file?

Yes if you want to be able to access ssh with your username. You need:
Code:
AllowUsers arda000


You also need to make sure the username has a valid shell.
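
A pre-restart check for the two requirements named in the reply above (the user listed under AllowUsers, and a valid shell), as an added example that is not part of the original thread. The function names, verdict strings and sample accounts are constructed for illustration; it assumes a config without Match blocks or wildcard patterns, and treats "valid shell" as one listed in the shells file and not nologin/false.

```shell
# check_allowusers SSHD_CONFIG PASSWD SHELLS
# Prints "<user> <verdict>" for every AllowUsers entry. Returns 0 if at least
# one entry can log in, 1 if none can, 2 if there is no AllowUsers line
# (nothing for this check to verify).
# Assumptions: no Match blocks; entries are plain names or user@host.
check_allowusers() {
    cfg=$1; passwd=$2; shells=$3
    # Keywords are case-insensitive; sshd uses the first value it reads.
    root_login=$(awk 'tolower($1)=="permitrootlogin" {print tolower($2); exit}' "$cfg")
    users=$(awk 'tolower($1)=="allowusers" {for (i=2;i<=NF;i++) print $i}' "$cfg")
    [ -n "$users" ] || return 2
    usable=1
    for entry in $users; do
        user=${entry%%@*}
        # The "x" prefix distinguishes "no account" from "empty shell field".
        acct=$(awk -F: -v u="$user" '$1==u {print "x" $7; exit}' "$passwd")
        shell=${acct#x}
        [ -n "$shell" ] || shell=/bin/sh   # an empty field means /bin/sh
        if [ -z "$acct" ]; then
            echo "$user no-such-account"
        elif [ "$user" = root ] && [ "$root_login" = no ]; then
            echo "$user blocked-by-PermitRootLogin"
        else
            case $shell in
                */nologin|*/false) echo "$user invalid-shell:$shell"; continue ;;
            esac
            if grep -qxF "$shell" "$shells"; then
                echo "$user ok"; usable=0
            else
                echo "$user invalid-shell:$shell"
            fi
        fi
    done
    return $usable
}

# Constructed sample data: the three user names from the thread, with root
# login disabled and the admin account given a nologin shell.
demo() {
    d=$(mktemp -d)
    printf 'PermitRootLogin no\nAllowUsers admin\nAllowUsers root\nAllowUsers arda000\n' > "$d/sshd_config"
    printf 'root:x:0:0::/root:/bin/bash\nadmin:x:500:500::/home/admin:/sbin/nologin\narda000:x:501:501::/home/arda000:/bin/bash\n' > "$d/passwd"
    printf '/bin/sh\n/bin/bash\n' > "$d/shells"
    check_allowusers "$d/sshd_config" "$d/passwd" "$d/shells"
    rc=$?; rm -rf "$d"; return $rc
}
demo
```

On a live server the call would be `check_allowusers /etc/ssh/sshd_config /etc/passwd /etc/shells`, run while an existing root session is still open.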
 

I removed the user called admin (came default)

Now in the admin list there is only arda000, and in AllowUsers, arda000.

Is it secure to use arda000 instead of admin? It totally deleted admin. Because it is becoming hard to guess.

Did I do the right thing?

Thanks...
 
It's your decision. You do need a user with admin rights on your server or you can't manage DirectAdmin, but it doesn't need to be named admin and instructions have been posted previously on these forums.

Your server is only as secure as your passwords.

We use passwords that look something like this:
Code:
cLLkAT3P
but we won't use this one because anything that's been published anywhere is no longer secure.

Ideally you should only allow totally unprivileged users to log in through ssh; they should have privilege only to su into root. That way anyone needing access to your server will need to guess two passwords before he/she can do anything.

Jeff
 
Instead of disabling root to ssh, I block access to port 22 via IPTables except for my IP - of course, I've a static IP and always access ssh from home. That works for me, but yeah, not everyone has a static IP, so this advice could be useless lol! Especially if you allow ssh access globally.
 
Better yet don't allow password authentication at all and use keys.
 