Your browser does not support HTML5 local storage or you have disabled it. Some functionality on this site, including saving your privacy settings and offering you special discounts, uses local storage and may not work with local storage disabled. We recommend allowing the use of local storage in your browser. In some browsers, it is the same setting used for disabling cookies.

SSH

Disabling Root Login (Unix)

Restrictions on Secure Shell services, as described for non-privileged users in Restricting Services and Restricting Services, do not prevent users with shell access to the system from setting up the equivalent services.

It is also possible to limit users with administrative privileges to predefined commands if shell access is not needed.

Shell access is often desired for remote administration of the server computer. It is recommended to have users log in first to their non-privileged user accounts and once logged in elevate their rights using sudo or su especially if the root account is used instead of individual administrator accounts.

The following configuration setup prevents logging directly in to the privileged accounts:

<authentication-methods>
  <authentication action="deny">
    <selector>
      <user-privileged value="yes" />
    </selector>
  </authentication>
  ...
</authentication-methods>

===AUTO_SCHEMA_MARKUP===