As Linux administrators, we’re taught that it is a really bad practice and a security flaw to allow root-logins over SSH. But what exactly makes this a bad practice?
In this tutorial, we first explain why allowing root-logins over SSH is a security issue. With that knowledge, we then present some best practices to use.
2. The Bad
The root is the superuser account in Unix and Linux based systems. Once we have access to the root account, we have complete system access. Because the username is always root and the access rights are unlimited, this account is the most valuable target for hackers.
There are a lot of bots scanning the Internet for systems with exposed SSH ports. When they find one, they will attempt to login using common usernames and try to guess the password.
Imagine that a bot gets lucky and guesses the root password. Because root gives access to the whole machine, the machine should be considered lost at this time.
The impact would have been a lot less if the compromised user had unprivileged access. The breach would then be contained and limited to this user only.
3. Best Practices
Now that we know that it is bad to allow root logins over SSH, it’s time to take some measurements. Let’s go through some of the best practices.
3.1. Disable Root SSH
First, we disable SSH root logins. We do this by editing the SSH daemon configuration, which is usually located in /etc/ssh/sshd_config. We have to make sure that it contains the following line:
Furthermore, because we don’t want to lock ourselves out, we make sure that our normal user is still allowed to log in either by username:
or by group:
Once we save our changes, we have to restart the
sshd service to make them effective.
3.2. Use sudo
For administrative purposes, every now and then, we still need to perform certain tasks as root. We should pick up the habit of using sudo for this.
With sudo, we can act as root without ever having to become root. There is a less obvious benefit to this as well. Because every task we perform through sudo is performed under our own use rather than the generic root account, it will show up in the logs under our own user name.
3.3. Use SSH Keys
Although less likely because of uncommon user names, regular user accounts are still vulnerable to password guessing by bots. Also, people tend to choose weak passwords or reuse their passwords to make them easier to remember.
While password guessing can be mitigated by choosing strong passwords (harder than it looks) or limiting failed login attempts, it is best to get rid of passwords completely.
Instead of passwords, we can use SSH keys to log in. Once set up, we should disable password logins in /etc/sshd_config:
and restart the sshd service.
Unlike passwords, private keys are virtually impossible to guess. Because stealing a private key is much harder than guessing a (weak) password, using SSH keys is inherently the safer choice.
In this article, we have seen why it is bad to enable root logins over SSH. Besides disabling root logins, we should also look into securing our systems by disabling password logins altogether.