A few years ago, there was a somewhat celebrated case where malicious actors had managed to plant malware on quite a few Linux servers somewhere in southeast Asia. There were three reasons that the bad guys found this so easy to do:
- The internet-facing servers involved were set up to use username/password authentication for SSH
- The root user was allowed to log in through SSH
- User passwords, including the root user's password, were incredibly weak
All this meant that it was easy for Hail Mary to brute-force its way in.
Different distributions have different default settings for root user login. In the /etc/ssh/sshd_config file of your CentOS machine, you'll see this line:
#PermitRootLogin yes
Unlike what you have in most configuration files, the commented-out lines in sshd_config define the default settings for the Secure Shell daemon. So, this line indicates that the root user is indeed allowed to log in through SSH. To change that, I'll remove the comment symbol and change...
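To check a server for the first two conditions in the list above, the following added example (not code from the original text) reads an sshd_config file and treats a commented-out keyword line as the default, as described above. The function names and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original text): report the effective global
# value of an sshd_config keyword. Assumption, per the text above: a
# commented-out "#Keyword value" line documents the daemon's default.

# effective_setting FILE KEYWORD -> prints "<value> (explicit|default)"
effective_setting() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        # Match blocks hold conditional overrides; audit the global part only.
        tolower($1) == "match" { exit }
        # The first active occurrence of a keyword is the one that applies.
        tolower($1) == want && active == "" { active = $2 }
        # "#Keyword value" (no space after "#") documents the default.
        tolower($1) == ("#" want) && dflt == "" { dflt = $2 }
        END {
            if (active != "")    print active, "(explicit)"
            else if (dflt != "") print dflt, "(default)"
            else                 print "unknown (not listed)"
        }' "$1"
}

# audit_sshd FILE -> one line per keyword; returns 1 if any needs attention
audit_sshd() {
    rc=0
    for kw in PermitRootLogin PasswordAuthentication; do
        val=$(effective_setting "$1" "$kw")
        case "$val" in
            yes\ *)   echo "RISK:  $kw is $val"; rc=1 ;;
            unknown*) echo "CHECK: $kw is $val"; rc=1 ;;
            *)        echo "ok:    $kw is $val" ;;
        esac
    done
    return "$rc"
}

# Constructed sample config; only the PermitRootLogin line is quoted from the text.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin yes
PasswordAuthentication yes
EOF
audit_sshd "$sample" || echo "sshd_config needs hardening"
rm -f "$sample"
```

On a live host, running `sshd -T` as root prints the configuration the daemon will actually use, which is the authoritative check.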