✎ 5.2.8 Ensure SSH root login is disabled (Scored) [SecScan]

This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong.

======5.2.8 Ensure SSH root login is disabled (Scored)======
=====Profile Applicability=====  
<code>
Level 1 - Server
Level 1 - Workstation 
</code>

=====Description=====
The ''PermitRootLogin'' parameter specifies if the root user can log in using ssh(1). The default is no.

=====Rationale=====
Disallowing root logins over SSH requires system admins to authenticate using their own individual account, then escalating to root via ''sudo'' or ''su''. This in turn limits opportunity for non-repudiation and provides a clear audit trail in the event of a security incident

=====Audit===== 
Run the following command and verify that output matches:
<Code:bash>
# grep "^PermitRootLogin" /etc/ssh/sshd_config 
PermitRootLogin no
</Code>

=====Remediation===== 
Edit the ''/etc/ssh/sshd_config'' file to set the parameter as follows:
<Code:bash>
PermitRootLogin no
</Code>