Securing SSH - Galen-Dively/SYS250-02-Journal GitHub Wiki

To secure my SSH I:

Opened /etc/ssh/sshd_config using vi.
In vim, navigate to the #PermitRootAccess yes line
Changing that line to PermitRootAccess no will block root access over ssh.
After saving the file I restarted the ssh service with sudo systemctl restart ssh

Now ssh will block root users. To test I used wks01 as the client. With a command prompt, I attempted root login using ssh root@dhcp01-galen. It prompts for the password but when the right password is entered it still returns the error Permission Denied, please try again.

I started to have issues when trying to view the logs. I already knew I did not have /var/log/messages but I also did not have /var/log/secure. After some research I learned that these two directory, and more, are part of the rsyslog package. After install the rsyslog package using sudo yum install rsyslog and answering yes to the prompt, all the directory I needed were added. So I tried to login as root again to get the logs in /var/log/secure. The logs did not output anything with sudo cat /var/log/secure | grep "not met", but when I did sudo cat /var/log/secure | grep "root" to find anything pertaining the root login attempt I saw the password failed error. This confused me so I attempted the login again making sure I got the password right and it still did not let me in. I even changed the root password to make sure I would get it right and I still got the errors. At this point I believe you cannot login as root but I do not like that it still allows for password prompting.