sshd_config problem on DirectAdmin
arda000
08-23-2010, 01:57 PM
Hello there;
I wanted to disable root login. I've changed PermitRootLogin to NO
at the end of the sshd_config I saw;
AllowUsers admin (my directadmin username)
AllowUsers root
I removed these lines because I don't want direct root login.
Are these lines really necessary? If you say yes, do I only have to add AllowUsers admin? Or will it work properly with the default sshd_config file?
Thank You
floyd
08-23-2010, 02:35 PM
If you remove all the AllowUsers lines and change PermitRootLogin to No then nobody will be able to use ssh.
arda000
08-23-2010, 02:57 PM
> If you remove all the AllowUsers lines and change PermitRootLogin to No then nobody will be able to use ssh.
Sure, I can access with my username arda000@IP, then I type "su -" and I'm on root.
My question is, is there any necessary modifications on sshd_config file?
floyd
08-24-2010, 04:09 AM
> Sure, I can access with my username arda000@IP, then I type "su -" and I'm on root.
Like I said if you remove all AllowUsers lines then now you will not be able to access the server through ssh even with your username arda000.
> My question is, is there any necessary modifications on sshd_config file?
Yes if you want to be able to access ssh with your username. You need:
AllowUsers arda000
You also need to make sure the username has a valid shell.
arda000
08-24-2010, 05:46 AM
> Like I said if you remove all AllowUsers lines then now you will not be able to access the server through ssh even with your username arda000.
> Yes if you want to be able to access ssh with your username. You need:
> AllowUsers arda000
> You also need to make sure the username has a valid shell.
I removed the user called admin (came default)
Now in the admin list there is only arda000, and in AllowUsers arda000.
Is it secure to use arda000 instead of admin? It totally deleted Admin. Because it is becoming hard to guess.
Did I do the right thing?
Thanks...
nobaloney
08-24-2010, 01:10 PM
It's your decision. You do need a user with admin rights on your server or you can't manage DirectAdmin, but it doesn't need to be named admin and instructions have been posted previously on these forums.
Your server is only as secure as your passwords.
We use passwords that look something like this:
cLLkAT3P
but we won't use this one because anything that's been published anywhere is no longer secure.
Ideally you should only allow totally unprivileged users to log in through ssh; they should have privilege only to su into root. That way anyone needing access to your server will need to guess two passwords before he/she can do anything.
Jeff
Peter Laws
08-25-2010, 01:34 PM
Instead of disabling root to ssh, I block access to port 22 via IPTables except for my IP - of course, I've a static IP and always access ssh from home. That works for me, but yeah, not everyone has a static IP, so this advice could be useless lol! Especially if you allow ssh access globally.
floyd
08-25-2010, 01:49 PM
Better yet don't allow password authentication at all and use keys.
daveyw
08-25-2010, 05:11 PM
> Better yet don't allow password authentication at all and use keys.
Exactly, and don't use the default SSH port :)
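
An added example, not part of any post in this thread: a small shell audit of the sshd_config settings discussed above (PermitRootLogin, AllowUsers, PasswordAuthentication, Port). The sample file, the function names and the defaults used for unset keywords (those of a current OpenSSH) are assumptions.

```shell
#!/bin/sh
# Added example: audits the global section of an sshd_config for the settings
# discussed in this thread. Simplification: assumes "Keyword value" lines
# (no "Keyword=value" form) and ignores Include files and Match blocks.

# Drop comments and blank lines; stop at the first Match block.
global_lines() {
    awk '/^[ \t]*#/ || NF == 0 { next }
         tolower($1) == "match" { exit }
         { print }' "$1"
}

# sshd keeps the FIRST value it reads for a single-valued keyword, and
# keywords are case-insensitive. $3 is the default assumed when unset.
effective() {
    global_lines "$1" | awk -v k="$2" -v d="$3" '
        tolower($1) == tolower(k) && !seen { v = $2; seen = 1 }
        END { print (seen ? v : d) }'
}

# AllowUsers may appear on several lines; the patterns accumulate.
allow_users() {
    global_lines "$1" | awk 'tolower($1) == "allowusers" {
        for (i = 2; i <= NF; i++) out = out (out ? " " : "") $i }
        END { print out }'
}

audit() {
    root=$(effective "$1" PermitRootLogin prohibit-password)
    pw=$(effective "$1" PasswordAuthentication yes)
    port=$(effective "$1" Port 22)
    users=$(allow_users "$1")
    echo "PermitRootLogin=$root PasswordAuthentication=$pw Port=$port AllowUsers=${users:-<unset>}"
    [ "$root" = no ] || echo "WARN: root login over ssh is not fully disabled"
    [ "$pw" = no ] || echo "WARN: password authentication is enabled (thread suggests keys only)"
    case " $users " in
        *" root "*) echo "WARN: root is listed in AllowUsers" ;;
    esac
    return 0
}

# Constructed sample config (not the poster's actual file).
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' 'permitrootlogin no' \
    'PermitRootLogin yes' 'AllowUsers admin' 'AllowUsers root' > "$sample"
audit "$sample"
```

On a live host, `sshd -T` prints the effective configuration as sshd itself computes it, and `sshd -t` checks the file for errors before you restart the daemon.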