Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ======5.2.8 Ensure SSH root login is disabled (Scored)====== =====Profile Applicability===== <code> Level 1 - Server Level 1 - Workstation </code> =====Description===== The ''PermitRootLogin'' parameter specifies if the root user can log in using ssh(1). The default is no. =====Rationale===== Disallowing root logins over SSH requires system admins to authenticate using their own individual account, then escalating to root via ''sudo'' or ''su''. This in turn limits opportunity for non-repudiation and provides a clear audit trail in the event of a security incident =====Audit===== Run the following command and verify that output matches: <Code:bash> # grep "^PermitRootLogin" /etc/ssh/sshd_config PermitRootLogin no </Code> =====Remediation===== Edit the ''/etc/ssh/sshd_config'' file to set the parameter as follows: <Code:bash> PermitRootLogin no </Code> ubuntu1604/5/2/8.txt Last modified: 2017/05/04 11:31by Piotr Kłoczewski