SSH – Recommended way to log in to root


After I found out hundreds of hacking attempts are made in a day, I decided I want to disable logging in to root remotely via a password. But then I found I can't switch users in WinSCP, so I can't easily upload/download/edit files.

After I figured out how to disable remote logins, it appeared I can't log in remotely via a key. So I allowed it and disabled the password. But it turns out it disables passwords on all users.

How do you recommend protecting myself when logging in to my server? Someone mentioned he uses one-time login tokens, but I am unsure how to use that.

But anyways, how do I disable password login for root but allow it for everyone else? I must be able to su into root from the other accounts because primarily I log into acidzombie24, then su to root and carry on normally.

Best Answer

To disable the root password, you need to lock the root account:

sudo passwd -l root
sudo chage -E-1 root

Explanation:

The first line locks the root account, but also expires the password, meaning stuff might break (like the root crontab, for example!). The second line sets the root password to "never expire", so that this doesn't happen, and so that you can still use sudo su, for example.

Combine this with PermitRootLogin No in /etc/ssh/sshd_config, and you should be good to go.
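
A way to check that all three pieces of the answer are in place (root hash locked, no account expiry, `PermitRootLogin no`), as an added example that is not part of the original answer. The function names and the sample files are constructed for illustration; the script assumes whitespace-separated `Keyword value` lines and does not follow `Include` directives.

```shell
#!/bin/sh
# Added example (not from the original answer). Assumes whitespace-separated
# "Keyword value" lines and does not follow Include directives.

# Print the first global (pre-Match) value of an sshd_config keyword, lowercased.
# sshd uses the first value it obtains for each keyword.
sshd_global_value() {  # $1 = keyword, $2 = config file
    awk -v key="$1" '
        /^[ \t]*#/ || NF == 0       { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$2"
}

# Succeed if root's hash is locked ("passwd -l" prefixes it with "!").
root_password_locked() {  # $1 = shadow-format file
    awk -F: '$1 == "root" { ok = ($2 ~ /^!/) } END { exit !ok }' "$1"
}

# Succeed if root's account-expiry field (8th) is empty, the state
# "chage -E -1" leaves behind.
root_never_expires() {  # $1 = shadow-format file
    awk -F: '$1 == "root" { ok = ($8 == "") } END { exit !ok }' "$1"
}

# Print one line per failed check; return the number of failures.
audit_root_login() {  # $1 = sshd_config, $2 = shadow-format file
    fails=0
    [ "$(sshd_global_value PermitRootLogin "$1")" = "no" ] ||
        { echo "FAIL: PermitRootLogin is not 'no'"; fails=$((fails + 1)); }
    root_password_locked "$2" ||
        { echo "FAIL: root password is not locked"; fails=$((fails + 1)); }
    root_never_expires "$2" ||
        { echo "FAIL: root account has an expiry date"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample files: root locked by "passwd -l" but left expired.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' 'PermitRootLogin No' \
    'PasswordAuthentication yes' > "$demo/sshd_config"
printf '%s\n' 'root:!$6$CONSTRUCTED$hash:19000:0:99999:7::1:' \
    'acidzombie24:$6$CONSTRUCTED$hash:19000:0:99999:7:::' > "$demo/shadow"
audit_root_login "$demo/sshd_config" "$demo/shadow" || echo "$? check(s) failed"
```

On a real host, point the functions at `/etc/ssh/sshd_config` and `/etc/shadow` (root is needed to read the latter).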
