[CentOS] Signing In Other than Root

Christoph Neuhaus nihil14 at gmail.com
Tue Jan 5 13:17:42 UTC 2010


> How do I make it so that it's impossible to SSH into the server directly  
> as root?

man ssh_config ->

   Specifies whether root can login using ssh(1).  The argument
   must be "yes", "without-password", "forced-commands-only" or
   "no".  The default is "yes".

   If this option is set to "without-password" password authentica-
   tion is disabled for root.  Note that other authentication meth-
   ods (e.g., keyboard-interactive/PAM) may still allow root to
   login using a password.

   If this option is set to "forced-commands-only" root login with
   public key authentication will be allowed, but only if the
   command option has been specified (which may be useful for tak-
   ing remote backups even if root login is normally not allowed).
   All other authentication methods are disabled for root.

   If this option is set to "no" root is not allowed to login.

You have to restart the SSH server (service sshd restart) after modifying  
the file /etc/ssh/sshd_config.


More information about the CentOS mailing list