In this lab, we will look at how to lock down remote access to a Linux host. We will accomplish this by restricting all remote logins for the `root` account as well as restricting SSH access based on account names.
Successfully complete this lab by achieving the following learning objectives:
- Prevent remote logins from using the `root` account.
In order to prevent remote logins from using the `root` account, we’ll need to edit the `/etc/passwd` file. Run the following command:
- select #2 for nano (easiest)
Next, edit the line that starts with
Save and exit the
- Permit only the `cloud_user` account to connect to the host via SSH.
In order to filter SSH access and only permit the `cloud_user` account to access the host via SSH, we’ll need to edit the `sshd_config` file with the following command:
sudo nano /etc/ssh/sshd_config
Add the following line to the file just under the second line of the file:
Note: You can also restrict user access by source hostname, IP address, or subnet, like:
AllowUsers email@example.com/24
AllowUsers Jhalpert@james.host.int
AllowUsers firstname.lastname@example.org
Now, restart the `ssh` service with the following command:
sudo service ssh restart
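To confirm the `AllowUsers` restriction says what you intended, the following added example (not part of the original lab) lists every account that `AllowUsers` admits and checks that only `cloud_user` is among them. The function names `allowed_users` and `only_user_allowed` are hypothetical, and the two sample configs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit which accounts the AllowUsers directive admits.

# Print the distinct user patterns named by AllowUsers lines, one per line.
# $1 is a file in sshd_config syntax. USER@HOST patterns are reduced to USER.
allowed_users() {
    awk '
        /^[[:space:]]*#/ { next }               # skip comment lines
        tolower($1) == "allowusers" {           # keyword is case-insensitive
            for (i = 2; i <= NF; i++) {
                u = $i
                sub(/@.*/, "", u)               # drop the @HOST restriction
                if (!(u in seen)) { seen[u] = 1; print u }
            }
        }
    ' "$1"
}

# Succeed only if AllowUsers is present and every entry names account $2.
# An empty result fails too: with no AllowUsers line, sshd does not
# restrict logins by account name at all.
only_user_allowed() {
    au_users=$(allowed_users "$1")
    [ -n "$au_users" ] && [ "$au_users" = "$2" ]
}

# Constructed sample configs (not taken from a real host).
good=$(mktemp)
bad=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' \
    'AllowUsers cloud_user' > "$good"
printf '%s\n' 'AllowUsers cloud_user' \
    'allowusers Jhalpert@james.host.int' > "$bad"

for f in "$good" "$bad"; do
    if only_user_allowed "$f" cloud_user; then
        echo "OK: only cloud_user may log in via SSH"
    else
        echo "FAIL: AllowUsers admits: $(allowed_users "$f" | tr '\n' ' ')"
    fi
done
rm -f "$good" "$bad"
```

On the lab host, point the check at `/etc/ssh/sshd_config`, or at the saved output of `sudo sshd -T` so that settings pulled in from included files are covered as well. Running `sudo sshd -t` before the restart catches syntax errors while your current session is still open.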