Your browser does not allow storing cookies. We recommend enabling them.

SSH

Disabling Root Login (Unix)

Restrictions on Secure Shell services, as described for non-privileged users in Restricting Services and Restricting Services, do not prevent users with shell access to the system from setting up the equivalent services.

It is also possible to limit users with administrative privileges to predefined commands if shell access is not needed.

Shell access is often desired for remote administration of the server computer. It is recommended to have users log in first to their non-privileged user accounts and once logged in elevate their rights using sudo or su especially if the root account is used instead of individual administrator accounts.

The following configuration setup prevents logging directly in to the privileged accounts:

<authentication-methods>
  <authentication action="deny">
    <selector>
      <user-privileged value="yes" />
    </selector>
  </authentication>
  ...
</authentication-methods>


 

 
What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.



    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH



    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now