Disable Direct Root Login and SSH protocol 2 in cPanel/WHM
« on: November 25, 2008, 10:01:30 AM »
It is a good idea to disable root login via SSH. It reduces the security risk. It is also recommended to use SSH protocol 2 and disable SSH protocol 1. SSH protocol 2 is more secure than SSH protocol 1. Following are the steps to disable direct root login and to disable SSH protocol 1:

[1] Login as a 'root' to your server.
[2] Open /etc/ssh/sshd_config file.
Quote
pico -w /etc/ssh/sshd_config

[3] Find the below text within file:
Quote
Protocol 2, 1
[4] Uncomment the above line and change it as follow:
Quote
Protocol 2
[5] Now, search the below text:
Quote
PermitRootLogin yes
[6] Uncomment the above line and set as follow:
Quote
PermitRootLogin no
[7] Save the file and restart SSH service using the below command:
Quote
/etc/rc.d/init.d/sshd restart

Now, no one will be able to login as root directly. They have to use su - to get the root access. You will need to add your user to wheel group in cPanel otherwise you will not be able to use su command.

Regards,

Kevin