I run a webserver on a VPS. For security I would like to change the default Linux root username to something else. How do I do this and are there any implications I should consider before doing this?
Ah security through obscurity... The username itself is only defined in /etc/passwd and /etc/shadow so yes you could very easily go in and change it. One thing to keep in mind is the various moving parts of a server which may default to point to root, which would no longer exist and potentially start breaking things and making it that much more interesting to troubleshoot.
If your intent is to try and secure your VPS there are much more efficient ways than just changing the username and potentially causing headaches down the road. I knew an admin that did this with an old NT server by removing the administrative shares and later caused problems installing software. Security through obscurity doesn't really do anything but provide a false sense of security.
If you want to secure the box, I would start by adding yourself a non-root account, disable passwords (PasswordAuthentication no) and use SSH identity keys (PubkeyAuthentication yes) to authenticate remote logins, set up sudo access for your account and disable remote root login (PermitRootLogin no) through SSH. If you want to go a step further set up a group that is allowed to remotely connect and use the AllowGroups option to only allow accounts belonging to that group to log in.
Offtopic: No offense, but changing the root username to something else hasn't got anything to do with security. Do you want to do this to prevent SSH brute-force login attempts?
On Topic: The username alone is not that important, it's the UID. If it stays 0, I don't think you'll encounter problems.
You can disable the ability to have someone log in as root by disabling the root account. This would prevent anyone from logging in as root locally, via SSH, using su, or any other method that would require providing the root password. However, it shouldn't break anything that might require a root user named 'root.'
To do this, lock the root user's account:
or replace the password hash for the root user in /etc/shadow to just an exclamation point.
Only time you might get into hot water is in certain recovery scenarios that require the root password. As long as you're okay with having to jump through a few extra hoops in that case (mounting the drive in another computer to modify /etc/passwd as an extreme solution, although there are other ways to fix most problems), this solution should be fine.
Alternately, just disable root login via SSH by setting:
in sshd_config. (Don't forget to restart sshd after changing this.)
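A check for the sshd_config settings the answers above recommend (PasswordAuthentication no, PubkeyAuthentication yes, PermitRootLogin no, AllowGroups), added here as an example and not posted by any of the answerers. It assumes current OpenSSH defaults, does not follow Include files, and uses constructed sample configs with hypothetical group names (sftponly, sshusers).

```python
# Added example: audit sshd_config text for the settings named in the answers.
# Assumption: defaults are those of current OpenSSH; Include files are not followed.
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes",
            "permitrootlogin": "prohibit-password"}
WANTED = {"passwordauthentication": "no", "pubkeyauthentication": "yes",
          "permitrootlogin": "no"}

def effective_settings(config_text):
    """Return the global values sshd would use, plus the AllowGroups list."""
    seen, groups = {}, []
    for raw in config_text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        keyword = tokens[0].lower()          # keywords are case-insensitive
        if keyword == "match":               # what follows is conditional
            break
        if keyword == "allowgroups":         # repeated lines accumulate
            groups += tokens[1:]
        elif keyword in DEFAULTS and keyword not in seen:
            # sshd keeps the first value it reads for a keyword
            seen[keyword] = tokens[1] if len(tokens) > 1 else ""
    return {**DEFAULTS, **seen}, groups

def audit(config_text):
    """List deviations from the answers' recommendations (empty list = OK)."""
    eff, groups = effective_settings(config_text)
    findings = [f"{k} is '{eff[k]}', want '{v}'"
                for k, v in WANTED.items() if eff[k] != v]
    if not groups:
        findings.append("allowgroups is unset (optional extra step)")
    return findings

# Constructed sample: the second PasswordAuthentication line is ignored by sshd.
SAMPLE = """\
# constructed sample, not from a real host
permitrootlogin no
PasswordAuthentication yes
PasswordAuthentication no
Match Group sftponly
    PasswordAuthentication yes
"""
# "sshusers" is a hypothetical group name.
HARDENED = "PasswordAuthentication no\nPermitRootLogin no\nAllowGroups sshusers\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On a live host, sshd -T prints the effective configuration after Include files and defaults are resolved, so its output is the better input for a check like this.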
If you want security-through-obscurity change the port ssh listens on to something other than 22. This doesn't replace having a strong password and other security precautions, but the many automated find-ssh-servers-and-attack-them scripts will never see you.
Drop ICMP echo requests too; seems a lot of automated attacks ping first before deciding to try and break in.