Securing SSH - AidanP017/Aidan-SYS-255 GitHub Wiki

Overview

In this assignment, we were tasked with securing SSH by disabling root user access to DHCP01.

How to Disable Root User Access to DHCP01

To disable root user access to DHCP01, the first thing you will want to do is add a new user that you can use to access the server after root is disabled. This can be done by entering the following commands:

  • useradd "name for new user"
  • passwd "name of new user"

Once you have created a new user and set its password, you will want to configure sudo so that the new user is allowed to run commands with sudo. This can be done by performing the following steps:

  • Enter the command visudo.
  • Scroll down until you find the section mentioning "Allows people in group wheel to run all commands".
  • Under the line "%wheel ALL=(ALL) ALL", add the line "name of new user" ALL=(ALL) ALL, following the same format as the line above it.
  • Press the esc key and type :wq! to save these changes and exit the visudo menu.

To verify whether or not these changes have been applied, take the following steps:

  • Enter the command su "name of new user".
  • Enter the command sudo ls and enter your new user password.

Next, you will want to edit your SSH configuration file in order to prevent root access into the server. To do this, take the following steps:

  • Type exit to return to the root user.
  • Enter the command vi /etc/ssh/sshd_config.
  • Type the forward slash symbol (/) and search for "Permit".
    • This should take you to a line saying "#PermitRootLogin yes".
  • Delete the hash symbol (#) at the start of that line and replace "yes" with "no".
  • Press the esc key and type :wq! to save these changes and exit the menu.

Then, we will restart the ssh service by typing service sshd restart.

Finally, to ensure that root user access has indeed been disabled, find the server's IP address using the command ifconfig and copy it. Next, take the following steps:

  • Enter the command ssh "name of new user"@"IP address".
    • Type yes.
  • Type sudo ls.
    • Enter your user password.
  • Type cd / to change to the root directory (/).
  • Type sudo ls to view the root directory. If you are able to view it, then the new user was set up correctly for the purposes of this assignment.

Now, try to perform the same steps as the root user.

  • Enter the command ssh root@"IP address".
    • Type yes.
      • Once you type in the password, the root user should be denied permission and not be able to log in.
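
The sshd_config edit described above can also be checked from the file itself. The script below is an added example, not part of the original assignment; the function names and the sample file contents are constructed for illustration. It shows that commented-out lines are ignored and that sshd uses the first PermitRootLogin value it reads, so a stray later line does not override the change, while an earlier one would.

```shell
#!/bin/sh
# Added example. Prints the PermitRootLogin value set in the global part of an
# sshd_config-style file, or "unset" if only commented-out lines mention it.
permit_root_login_value() {   # $1: path to the config file
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # comments ("#PermitRootLogin yes") and blanks
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = split(line, field, /[ \t=]+/)  # keyword, then whitespace or "="
            key = tolower(field[1])            # keywords are case-insensitive
            if (key == "match") exit           # Match blocks only apply conditionally
            if (key == "permitrootlogin" && n >= 2) {
                print field[2]; found = 1; exit   # sshd uses the first value it reads
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Returns 0 only when the file disables root login outright.
root_login_disabled() {
    [ "$(permit_root_login_value "$1")" = "no" ]
}

# Constructed sample: the edit from the steps above, plus a stray later line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
permitrootlogin yes
EOF

if root_login_disabled "$sample"; then
    echo "PermitRootLogin is no"
else
    echo "PermitRootLogin is $(permit_root_login_value "$sample"), expected no"
fi
rm -f "$sample"
```

On the server itself, sshd -t checks the file for syntax errors before you restart the service, and sshd -T prints the effective configuration.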