Hi’ya, folks!
How are you doing?
Today, we have a task to disable SSH root access unto our application servers.
Namely, app servers 01 (stapp01), 02 (stapp02), 03 (stapp03). Having the following users: tony, steve, and banner.
Kindly refer to this infrastructure schematic.
With this we do the following for all three servers.
First, we SSH into a server from our jumphost (thor). Like so:
ssh tony@stapp01Alternatively, we can also login or ssh into a server with its IP address. If the hostnames aren’t mapped to their respective IP address yet.
ssh tony@172.16.238.10This will result in the same thing, if the server is running on that IP address and can be found.
Once we have SSH’ed into a server.
First, we request to escalate our privileges. So that we can do administrative tasks on the server.
sudo suThen. We’ll need to modify a line from a SSH daemon configuration file. We can utilize vi, vim, or nano text editors for this task.
vi /etc/ssh/sshd_configIn this case, we worked with a text editor called “vi”. It is the software that’s installed unto our server machines.
However, other text editors like “nano” will work just as fine as vi, or vim.
Now we change this line, saying the following.
“PermitRootLogin yes”
Into.
“PermitRootLogin no”
Finally, once we have saved the file with the modified value for PermitRootLogin”.
We manually restart our sshd daemon service with the following command.
systemctl restart sshdOnce this runs without throwing any errors. You should be good to go, my friends.
You repeat this same process for the other two (2) application servers.
- Application server 02
- steve@stapp02
- Application server 03
- banner@stapp03
When you’re done with the rest of the application servers.
Then, remember to check your work, through Kode Kloud checker tool. So that your progress will be recorded and saved for later.
Alright, that’s it for now.
Thanks!
God bless.
Leave a Reply