SYS‐255 Security SSH - aljimenez28/champlain GitHub Wiki

Objective

Disable SSH login for the root account on the dhcp01 Rocky Linux server. Root is the one account whose name and UID (0) every attacker already knows, so it is the first target of SSH password guessing; refusing root logins in the daemon itself means a guessed root password cannot be used over SSH, whatever the password is.


Steps Taken

  1. Connected to dhcp01 via SSH

    • Used PuTTY from wks01 to SSH into the dhcp01 VM as a regular user with sudo privileges. This session stays open for the rest of the procedure so a mistake cannot lock the administrator out.

  2. Edited the SSH Daemon Configuration

    sudo vi /etc/ssh/sshd_config

    • Located the line:

    PermitRootLogin prohibit-password

    • Changed it to:

    PermitRootLogin no

    • Removed any leading # so the line is active: a commented-out PermitRootLogin line only documents the compiled-in default and sets nothing.

    • prohibit-password still lets root log in with an SSH key; no refuses root for every authentication method.

    • Caveat: sshd uses the first value it reads for a keyword, and on Rocky 9 the stock sshd_config begins with an Include of /etc/ssh/sshd_config.d/*.conf, ahead of this line. A drop-in there that sets PermitRootLogin yes therefore overrides the edit in the main file, so that directory has to be checked as well.

  3. Restarted the SSH Service

    sudo systemctl restart sshd
    sudo systemctl status sshd

    • Confirmed the service was active (running) with the new configuration. A syntax error in sshd_config makes the restart fail and leaves no SSH daemon listening, which is why the status check comes before closing the working session.

  4. Tested Root Login

    ssh root@<dhcp01_IP>

    • Attempted to log in as root from another PuTTY session.

    • Received Authentication failure, proving that remote root login is blocked. sshd still prompts for a password before refusing, so the prompt alone does not mean root login is allowed; the refusal after a correct password does.

  5. Verified in Logs

    • Triggered a failed root login attempt to generate log entries.

    • Checked system logs:

      sudo journalctl -u sshd --since "5 minutes ago"
      sudo lastb

    • Captured screenshots showing the denied login.
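The procedure above, as an added shell example that is not part of the original wiki page: it rewrites PermitRootLogin to no in an sshd_config file, then works out the value sshd will actually use by following Include directives the way sshd does (the first value read for a keyword wins, and an Include is expanded where it appears). The file paths are parameters so the functions can be tried on a scratch copy before touching /etc/ssh; the scratch layout, the drop-in name 01-permitrootlogin.conf and the helper names are assumptions made for the example. It assumes GNU sed and grep, as shipped with Rocky, and handles only the whitespace-separated "Keyword value" form of sshd_config lines.

```shell
#!/usr/bin/env bash
# Added example, not code from the original wiki page. Sets PermitRootLogin to
# "no" in an sshd_config file and resolves the value sshd will really use,
# following Include directives as sshd does: the first value read for a keyword
# wins (sshd_config(5)) and an Include is expanded where it appears.
# Assumptions: GNU sed/grep (stock on Rocky); whitespace-separated "Keyword value"
# lines (the "Keyword=value" form is not handled); relative Include paths resolve
# under the directory passed as the second argument (/etc/ssh on a real host).

# Rewrite every (possibly commented-out) PermitRootLogin line in $1 to
# "PermitRootLogin no", appending one if the file has none. Review the result:
# a PermitRootLogin inside a Match block would be rewritten as well.
set_permit_root_login_no() {
    local cfg="$1"
    if grep -Eiq '^[[:space:]]*#?[[:space:]]*PermitRootLogin[[:space:]]' "$cfg"; then
        sed -E -i 's/^[[:space:]]*#?[[:space:]]*PermitRootLogin[[:space:]].*/PermitRootLogin no/I' "$cfg"
    else
        printf 'PermitRootLogin no\n' >> "$cfg"
    fi
}

# Print the first value of keyword $3 found in config $1, recursing into
# Includes (relative to $2) and stopping at the first Match block, because
# settings after it are conditional. Prints nothing if the keyword is never set.
_scan_for_keyword() {
    local cfg="$1" base="$2" key="$3" line k hit pat f
    while IFS= read -r line || [ -n "$line" ]; do
        line="${line%%#*}"                    # drop comments
        set -f; set -- $line; set +f          # split into words, no globbing yet
        [ $# -ge 1 ] || continue
        k=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]'); shift
        case "$k" in
            match) return 0 ;;
            include)
                for pat in "$@"; do
                    case "$pat" in /*) ;; *) pat="$base/$pat" ;; esac
                    for f in $pat; do         # glob now, sorted like sshd does
                        [ -f "$f" ] || continue
                        hit=$(_scan_for_keyword "$f" "$base" "$key")
                        [ -z "$hit" ] || { printf '%s\n' "$hit"; return 0; }
                    done
                done ;;
            "$key") printf '%s\n' "$1"; return 0 ;;
        esac
    done < "$cfg"
}

# Effective PermitRootLogin for main config $1 (Include base $2, default
# /etc/ssh). OpenSSH's compiled-in default, prohibit-password, applies when no
# file sets it. Cross-check on the host with: sudo sshd -T | grep -i permitrootlogin
effective_permit_root_login() {
    local value
    value=$(_scan_for_keyword "$1" "${2:-/etc/ssh}" permitrootlogin)
    printf '%s\n' "${value:-prohibit-password}"
}

# The wiki's sequence for the real host (needs root). sshd -t validates the
# file first so a typo cannot leave the machine without a listening sshd.
harden_live_host() {
    set_permit_root_login_no /etc/ssh/sshd_config
    sshd -t || return 1
    systemctl restart sshd
    sshd -T | grep -i '^permitrootlogin '     # expect: permitrootlogin no
}

# Scratch demonstration with constructed files: a main file laid out like a
# stock Rocky 9 sshd_config (Include first, PermitRootLogin commented out) plus
# a drop-in that re-enables root login. Editing only the main file is not enough.
demo() {
    local d; d=$(mktemp -d)
    mkdir -p "$d/sshd_config.d"
    printf 'Include sshd_config.d/*.conf\n#PermitRootLogin prohibit-password\n' > "$d/sshd_config"
    printf 'PermitRootLogin yes\n' > "$d/sshd_config.d/01-permitrootlogin.conf"
    echo "before edit:         $(effective_permit_root_login "$d/sshd_config" "$d")"  # yes
    set_permit_root_login_no "$d/sshd_config"
    echo "main file set to no: $(effective_permit_root_login "$d/sshd_config" "$d")"  # yes (drop-in wins)
    set_permit_root_login_no "$d/sshd_config.d/01-permitrootlogin.conf"
    echo "drop-in set to no:   $(effective_permit_root_login "$d/sshd_config" "$d")"  # no
    rm -rf "$d"
}
demo
```

The resolver is a stand-in for sshd -T, which needs root because it loads the host keys; on the real server, sshd -T is the authoritative answer and should be run after every change, with sshd -t run before the restart.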


Key Commands Reference

sudo vi /etc/ssh/sshd_config   # Edit SSH daemon configuration
sudo systemctl restart sshd    # Apply changes
sudo systemctl status sshd     # Confirm service is running
ssh root@<IP>                  # Test root login
sudo journalctl -u sshd        # View SSH-related journal entries
sudo lastb                     # View failed login attempts

Log File Differences

| Log Source         | Purpose |
|--------------------|---------|
| /var/log/btmp      | A binary record of failed login attempts, written by login, sshd and the other programs that report failures there. It is not readable with cat; view it with lastb (root only). Good for auditing brute-force or unauthorized access attempts. |
| journalctl -u sshd | The systemd journal filtered to the sshd service: every sshd event, successful and failed logins alike. Narrow it further by time (--since) or priority (-p). |

In short: /var/log/btmp is focused on failed logins, while journalctl -u sshd provides a complete timeline of SSH daemon activity.
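The log check in step 5 and the journal column above, as an added shell example that is not from the original page: it reads journal-style sshd lines on standard input and tallies rejected root logins per source address. The sample lines are constructed for the example (hostname dhcp01 as on the page, invented addresses and PIDs). It assumes OpenSSH's wording "Failed password for root from <ip> port <n> ssh2" for a refused root password and "ROOT LOGIN REFUSED FROM <ip> ..." for a root login refused after another method (such as a key) succeeded; the function name is an assumption.

```shell
#!/usr/bin/env bash
# Added example, not code from the original wiki page. Summarise refused root
# SSH logins per source address from "journalctl -u sshd" style lines.
# Assumes OpenSSH's log wording; invalid-user and non-root failures are ignored.

# Read log lines on stdin, print "<ip> <count>" for rejected root attempts,
# most frequent first (ties broken by address).
failed_root_logins_by_ip() {
    awk '
        /: (Failed password for root from|ROOT LOGIN REFUSED FROM) / {
            # the source address is the word after "from"/"FROM"
            for (i = 1; i <= NF; i++)
                if ($i == "from" || $i == "FROM") { n[$(i+1)]++; break }
        }
        END { for (ip in n) print ip, n[ip] }
    ' | sort -k2,2nr -k1,1
}

# Constructed sample of what the journal shows after the change on dhcp01:
# root attempts refused, a normal user accepted, an unknown user rejected.
SAMPLE_JOURNAL='Oct 10 14:02:11 dhcp01 sshd[1234]: Failed password for root from 10.0.5.20 port 51822 ssh2
Oct 10 14:02:15 dhcp01 sshd[1234]: Failed password for root from 10.0.5.20 port 51822 ssh2
Oct 10 14:03:01 dhcp01 sshd[1240]: Accepted password for alice from 10.0.5.20 port 51830 ssh2
Oct 10 14:04:40 dhcp01 sshd[1251]: Failed password for invalid user admin from 203.0.113.9 port 40011 ssh2
Oct 10 14:05:02 dhcp01 sshd[1260]: ROOT LOGIN REFUSED FROM 198.51.100.7 port 50200
Oct 10 14:05:30 dhcp01 sshd[1262]: Failed password for root from 198.51.100.7 port 50210 ssh2
Oct 10 14:06:00 dhcp01 sshd[1270]: Failed password for root from 198.51.100.7 port 50222 ssh2'

# Same summary over the live journal (needs root):
#   sudo journalctl -u sshd --since "5 minutes ago" --no-pager | failed_root_logins_by_ip
printf '%s\n' "$SAMPLE_JOURNAL" | failed_root_logins_by_ip
# prints:
# 198.51.100.7 3
# 10.0.5.20 2
```

A count that keeps growing for one address after root login is disabled is still worth acting on (a firewall rule or fail2ban jail), since the same source will move on to guessing other account names.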


Outcome

Remote root access through SSH is now disabled on dhcp01. Even with the correct password, the SSH daemon rejects every root login attempt, so password guessing against the root account over SSH cannot succeed; the other accounts on the server still need strong passwords or key-only authentication, since they remain reachable.
