In this lab, we will look at how to lock down remote access to a Linux host. We will accomplish this by restricting all remote logins for the `root` account as well as restricting SSH access based on account names.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Prevent remote logins from using the `root` account.
In order to prevent remote logins from using the
rootaccount, we’ll need to edit the/etc/passwdfile. Run the following command:sudo vipw- select #2 for nano (easiest)
Next, edit the line that starts with
rootand replace/bin/bashwith/sbin/nologin.Save and exit the
/etc/passwdfile.
- Permit only the `cloud_user` account to connect to the host via SSH.
In order to filter SSH access and only permit the
cloud_useraccount to access the host via SSH, we’ll need to edit thesshd_configfile with the following command:sudo nano /etc/ssh/sshd_configAdd the following line to the file just under the second line of the file:
AllowUsers cloud_userNote: You can also restrict user access by source hostname, IP address, or subnet, like:
AllowUsers cloud_user@10.0.0.0/24 AllowUsers Jhalpert@james.host.int AllowUsers mscott@192.168.55.10Now, restart the
sshservice with the following command:sudo service ssh restart
