I was hardening a server this morning and decided my reference for disabling root access within Linux / cPanel / WHM may benefit someone else.
Note: Some may end up here trying to find out how to disable the WHM’s root user login. I do not believe that is possible.
Allow other users to su (substitute user)
- WHM > Security Center > Manage Wheel Group Users
- Add desired user(s) to Wheel Group
Disable root access
- Log into SSH as root
- Type
vi /etc/ssh/sshd_config
and hit Enter - Type
i
(insert mode) - Change
PermitRootLogin yes
toPermitRootLogin no
- Hint: You can also change the port number to harden the server even further.
- Hit Escape and type
:x
(save and exit) - Type
service sshd restart
Confirm root is disabled
- Start new SSH session
- Try logging in as root
- You should see Access denied
Confirm user can become root
- Log in as a Wheel Group user
- Type
su -
and hit Enter - Enter the root password
- No errors? You’re all set!
- Type
exit
and hit Enter to end root session - Type
exit
and hit Enter to end user session
Optional: Change SSH port number
- Log into SSH as Wheel Group user
- Type
su -
and hit Enter - Enter the root password
- Type
vi /etc/ssh/sshd_config
and hit Enter - Type
i
(insert mode) - Change
Port 22
to something likePort 5678
- New port number must be unique. Ports 5000 through 5999 are usually a safe range. Ask your data center when unsure.
- Hit Escape and type
:x
(save and exit) - Type
service sshd restart
- Type
exit
and hit Enter to end root session - Type
exit
and hit Enter to end user session - Log into SSH as a Wheel Group user using the new port number
These tasks are common knowledge to many of us, but try to remember, everyone was green at some point and needed help 😉