Transcript from the "Disable root access" Lesson
>> Jem Young: Excellent, back to the slides.
>> Jem Young: Again, just run this command so you log in with your ssh key and Security Terry. What's he gonna say? Disable root login! Yes, we do not ever want to log in as root cuz you don't have to. You never wanna log in as root.
[00:00:19] Again if you're doing things with root the server will not warn you when you're about to do something really stupid, it'll just let you do it and we wanna let the server tell us if we're about to do something stupid. So disable root login, actually why do we single root login?
[00:00:33] So this is a screenshot from last night, number eight maybe it was the night before. Two days ago. So I created a test server that students over there already logged into earlier. So, here is where I created it and then this was thirty eight seconds later somebody is already trying to break into that server, from that IP address and if you look at where that IP address is?
[00:00:58] It's somewhere in China. So this is why I say security is a real thing. I make light of it, but it's a serious business especially if you have customer sensitive data on your server you want to disable root login cuz that's the first thing that people are gonna try to go for when they try to break into your server.
[00:01:15] Cuz root is the easiest way. Root with no password is just like, it's leaving your house wide open with your flat screen, invisible, and your gold bars and your Ferraris, and whatever else everybody has. You don't have Ferraris in your-
>> Speaker 2: [LAUGH] Certainly not on my Digital Oceans server.
>> Jem Young: Yeah, yeah. [LAUGH] So, what we wanted to do is, we wanted to disable re-login. So we are gonna modify the SSH config. SHD, stand for SH Daemon. A Daemon is just a process that runs on your server. So, we are sudo into that and edit it in vi and we are just disable root login.
[00:01:52] So, I will give everybody a second to do that. So in your command line sudo vi /etc/ssh/sshd_config.
>> Speaker 2: Of course, this is from the server, right?
>> Jem Young: This is on the server, yes. Everything we do from now on will be on the server until I say exit out.
[00:02:09] Good question, though.
>> Speaker 2: Is there no auto-complete on the server? Or tab complete, I should say.
>> Jem Young: There is. That's a good way to tell if you're [INAUDIBLE]
>> Speaker 2: [INAUDIBLE] delayed.
>> Jem Young: And just find the line that says permit root log in an it'll say yes, change that to no.
>> Jem Young: And if you can't find it, remember how to find in command mode slash whatever you're trying to find. So as soon as more people start looking up, I'll go ahead and demo that on our server.
>> Jem Young: Okay, so I'm just gonna go ahead and do that example.
[00:02:54] So I'm on my server, so sudo vi /etc/ssh/sshd_, let's Tab complete that. To my sudo password, and I'm gonna find permit right there. And dollar sign's gonna jump me to the end, insert no. And write quit.
>> Jem Young: Everybody follow that? It's pretty fast but these are the commands we're running.
[00:03:34] You're gonna vi sshd PermitRootLogin, change that to no. Then we're gonna restart the ssh service. So you can change this file all day, until you restart the service it won't take effect. So to restart the service, sudo service, ssh and we'll say restart.
>> Speaker 2: SSHD?
>> Jem Young: In this case no.
[00:03:55] Usually it would be sshd but ssh I believe will do into this one. You might be right. Actually I'll do sshd. I think they both work on a for some reason.
>> Speaker 2: Interesting.
>> Jem Young: Yeah, I've done it before and it works with ssh but great point. Let's do sshd, that's the daemon that's actually ssh.
[00:04:10] But I believe you can do either.
>> Speaker 3: Yeah, I just did the other one and it worked, I think.
>> Speaker 2: Wow.
>> Jem Young: Okay, hey, I learn something new every time.
>> Jem Young: So at this point, you have now disabled your root login. So I know I've hammered it at least 50 times.
[00:04:25] But if you were not able to login with the user you made, you are now, once you log out, you will be locked out unless you did things correctly. So I'm just gonna exit. I just wanna make sure that I'm still able to login, and we're good. So if you exited and you were not able to login, you might have to start over at this point.
[00:04:46] I am really sorry.
>> Jem Young: Yes.
>> Speaker 4: Yeah, they were just asking about what sshd is. Can you just explain that?
>> Jem Young: Yes, so there are processes on servers which are constantly running in the background. They're called daemons. And sshd just stands for ssh daemon. It's the process that's running ssh in the background at all times.
[00:05:07] Great question, though.
>> Jem Young: All right, so everybody in this room looks good, no one looks scared or perplexed. So we are all logged in.
>> Jem Young: All right, so if you did this correctly, Internet High Five from my hand on the screen. You can't see me at home, but good work everybody that was a that was pretty hard and it's a little dangerous to get into the land of lock yourself out of server but we're good now.