Lab 04 ‐ Module 02 ‐ Securing SSH - Isaiah-River/SYS-255-02-SYSAdmin GitHub Wiki

For this module we familiarized ourselves with how to disable SSH root user access to our DHCP01 virtual machine. I started by using ~~Google~~ Duckduckgo to find out how to disable SSH access to the root account. To start, I remotely accessed my DHCP01 virtual machine from my AD01 virtual machine. After this I used the command `vi /etc/ssh/sshd_config` to open the SSH configuration in the Vi text editor. After this I found the line `#PermitRootLogin yes` and replaced the `yes` with a `no`. I then saved and quit the file, and restarted the service with the command `systemctl restart sshd`. I then exited out of my remote connection and tried to log in with the root credentials, which would not work. After this I remote connected again with my isaiah account, and used the elevated command `cat /var/log/secure | grep "not met"` to search through the logs to find the failure to log in as root.
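A leading `#` makes an `sshd_config` line a comment, so changing only the `yes` to `no` on `#PermitRootLogin yes` leaves the directive unset until the `#` is removed. The following check is an added example, not part of the original lab: the function name `effective_permit_root_login` and the sample inputs are constructed, and it assumes `Include` files and `Match` blocks do not need to be evaluated.

```bash
#!/usr/bin/env bash
# Added example (not from the original lab): show which PermitRootLogin value
# the global section of an sshd_config-style file actually sets.
# Assumptions: Include files and Match blocks are not evaluated.

effective_permit_root_login() {
    # $1: config file path; reads stdin when omitted
    awk '
        /^[ \t]*#/ { next }                     # commented-out directives have no effect
        /^[ \t]*$/ { next }                     # skip blank lines
        {
            sub(/[ \t]*=[ \t]*/, " ")           # "Key=value" is also accepted by sshd
            key = tolower($1)                   # keywords are case-insensitive
            if (key == "match") exit            # global section ends at first Match
            if (key == "permitrootlogin") {     # first occurrence wins
                print tolower($2); found = 1; exit
            }
        }
        END { if (!found) print "unset" }       # compiled-in default applies
    ' "${1:--}"
}

# Constructed samples: the edited-but-commented line versus the active directive
printf 'edited but still commented: %s\n' \
    "$(printf '#PermitRootLogin no\n' | effective_permit_root_login)"
printf 'uncommented:                %s\n' \
    "$(printf 'PermitRootLogin no\n' | effective_permit_root_login)"
```

On the host itself, running `sshd -T | grep -i permitrootlogin` as root prints the value the daemon resolves, including its compiled-in default.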


After this I determined what the user ID for root is using the command `id` while signed into the root account. I then learned that the root account's ID is 0 and did some research. After a little bit of ~~Googling~~ Duckduckgoing I found out that system users' IDs are all below the value of 1000, and that the way Linux prevents remote SSH into the root account is by setting the minimum number a user ID can be to 1000. Examples of these accounts include my isaiah account, or the Bob, Fred, and Alice accounts we made for our previous module.
