I am planning to deploy some CentOS linux servers and I've read many articles that suggested to disabled root account. I am just wondering is that necessary? If not, what's the best security policy?
I wouldn't disable root, but I would disable root logins via ssh.
I'd still allow root login on the console, because if you have problems that might be the only way in, short of booting from some other media, mounting your root partition, re-enabling root - you get the idea.
What I usually do is create another account, with the possibility to access root, and disable the SSH root account, because any hacker can try to access your server and brute force your PW.

Edit: It's also nice to set

MaxAuthTries 6

or 10, or whatever, in sshd_config.
The main reason behind that advice is security. root is an already known username, so the password is the only thing required for remote login. Other common usernames are usually disabled for remote login already. If an attacker wants to break into your server, he first needs to guess the username and then try to guess the password for that username, so the more common dictionary attacks are done against the root password; there are two reasons to do it that way.

From my point of view the most pragmatic approach is disabling password authentication for root. Only root login with public key authentication will be allowed. Limiting MaxAuthTries is a good idea also.
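Added example, not code from any of the answers above: a small POSIX sh audit that reads an sshd_config and reports whether the three settings the answers discuss (PermitRootLogin, PasswordAuthentication, MaxAuthTries) are set the way they recommend. The sample files weak.conf and hardened.conf are constructed for the demo; Match blocks and Include directives are not handled.

```shell
#!/bin/sh
# Added example, not from the thread. sshd honours the FIRST occurrence of a
# keyword in sshd_config, so sshd_value mimics that; Match/Include are ignored.

# sshd_value FILE KEYWORD -> prints the effective value, or nothing if unset
sshd_value() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }                      # skip comment lines
        tolower($1) == tolower(key) { print $2; exit } # first match wins
    ' "$1"
}

# audit_sshd FILE -> one "OK: ..." or "WEAK: ..." line per setting
audit_sshd() {
    f="$1"
    prl=$(sshd_value "$f" PermitRootLogin)
    case "$prl" in
        no|prohibit-password|without-password)
            echo "OK: PermitRootLogin $prl (no root password login over ssh)" ;;
        "") echo "WEAK: PermitRootLogin unset (default depends on OpenSSH version; set it explicitly)" ;;
        *)  echo "WEAK: PermitRootLogin $prl (root password can be brute-forced remotely)" ;;
    esac
    pa=$(sshd_value "$f" PasswordAuthentication)
    if [ "$pa" = no ]; then
        echo "OK: PasswordAuthentication no (public keys only)"
    else
        echo "WEAK: PasswordAuthentication ${pa:-yes (default)} (password guessing possible)"
    fi
    mat=$(sshd_value "$f" MaxAuthTries)
    # unset means the OpenSSH default of 6; a non-numeric value falls through to WEAK
    if [ "${mat:-6}" -le 6 ] 2>/dev/null; then
        echo "OK: MaxAuthTries ${mat:-6 (default)}"
    else
        echo "WEAK: MaxAuthTries $mat (many guesses per connection)"
    fi
}

# weak_count FILE -> number of WEAK findings, printed on stdout
weak_count() {
    audit_sshd "$1" | awk '/^WEAK:/ { n++ } END { print n + 0 }'
}

# write_samples DIR -> writes the constructed weak.conf and hardened.conf
write_samples() {
    printf '%s\n' '#PermitRootLogin yes' 'PasswordAuthentication yes' 'MaxAuthTries 20' > "$1/weak.conf"
    printf '%s\n' 'PermitRootLogin prohibit-password' 'PasswordAuthentication no' 'MaxAuthTries 6' > "$1/hardened.conf"
}
```

Run `audit_sshd /etc/ssh/sshd_config` on a real host to see the findings; the constructed weak.conf yields three WEAK lines and hardened.conf none.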