Create a New User Grant Root Privileges and Disabl SSH Root Login on CentOS

Question

Recently, we encountered the problem that Alibaba Cloud ECS server was attacked by DDoS, indicating that our server security needs to be improved. From the perspective of ssh login, you can set sub-users for the linux system and prohibit root login, which can improve certain security.

In this article you will learn

  • How to create a new user and set a password for linux system and CentOS system
  • How to grant permission control to new CentOS users
  • How to prohibit root login to improve server ssh remote connection security
  • How to restart sshd service
  • How to view file permissions and modify file permissions

User Management

  1. Create a user and set a password

    First create a user, give a name, such as lwebapp

    adduser lwebapp

    Set a password for the user lwebapp, it will trigger interaction, just enter the password

    passwd lwebapp # Trigger interaction, enter password lwebappwd
  2. Grant root privileges Modify sudoers to give root privileges to the newly created user, so that every time you only need to log in with the new user lwebapp, all server operations can be completed.

    The sudoers file is in the /etc directory, first modify the permission of this file to allow modification

    chmod 777 /etc/sudoers

    Then open with vim

    Hit i to enter edit mode

    vim /etc/sudoers

    Then after the root ALL=(ALL) ALL line break, enter

    lwebapp ALL=(ALL) ALL # Give all permissions to lwebapp, same as root above

    Hit Esc, enter colon : to enter vim command mode, then enter wq, hit Enter to save and exit

    After saving the file, set the file permissions back

    chmod 444 /etc/sudoers
  3. Disable root login Because of the new user, the root user's login authority is prohibited, so that hackers cannot operate the server by cracking the root login. At least our new user name has changed, which adds a layer of difficulty to hacker attacks.

    Locate and edit the sshd_config file

    vim /etc/ssh/sshd_config

    Find PermitRootLogin yes, change yes to no, which means that the root account is not allowed to log in

    PermitRootLogin no
  4. Restart sshd Finally restart sshd to take effect

    systemctl restart sshd.service

Extended Learning

File Permissions

  1. Check file permissions

    stat -c '%A %a %n' *
  2. Make all files in a folder have 777 permissions

    chmod 777 -R ./webapps

vim basic operations

  1. Open a file

    vim file.txt
  2. Enter edit mode
    Hit i, the bottom of the terminal interface displays -- INSERT -- is the edit mode

  3. Enter command mode
    Enter :, the bottom of the terminal interface displays : and the cursor

  4. Exit edit mode or command mode
    Hit Esc

  5. Save and exit
    In command mode, enter wq, hit Enter to save and exit

  6. Force Quit
    In command mode, enter q! and hit Enter to complete the forced exit

sshd service

  1. View sshd service status

    systemctl status sshd.service

    A series of service statuses will be displayed, such as running, which means that the startup is successful.

  2. Start the sshd service

    systemctl start sshd.service
  3. Restart the sshd service

    systemctl restart sshd.service
  4. Set to start at boot

    systemctl enable sshd.service

Reference

Comments