With the help of this page, we proceed by preventing the root to log remotely to our box. We will provide another user that will become superuser if needed.
First move, create an user account
useradd your-user -G users,wheelAllow this user to become root, without supplying a password (to be more accurate, all the users of group whell can do that)
passwd your-passwd
visudoThis is a vi editor window so type a to enter edit mode. Uncomment the line
%wheel ALL=(ALL) NOPASSWD: ALLAnd then type esc :wq to save and exit.
We have to prevent root to login remotelly : edit /etc/ssh/sshd_config and add or uncomment the line
PermitRootLogin noWe finish all this by restarting the sshd service
service sshd restartNow, the user we created can log-in with ssh and become super-user with
sudo su -Done.
Actually I don't like very much to have another user log as root without a password. So I modified back the visudo line to
%wheel ALL=(ALL) ALL
No comments:
Post a Comment